Consultancy services to conduct an External audits, vulnerability, and penetration testing
About This Opportunity
Request for Expression of Interest | Project: Uganda Digital Acceleration Project - GovNet | Method: Least Cost Selection | Ref: UG-NITA-U-495887-CS-LCS
This is a consulting contract in the information and communication technology sector, with a focus on Network Infrastructure. Located in Uganda, Africa, this opportunity is open to firms and consortiums. Proposals must be submitted before July 8, 2026.
Published through WB - World Bank, a multilateral development bank that follows standardized international procurement guidelines. Projects funded by multilateral institutions are generally open to international bidders from eligible member countries for consulting in the information and communication technology sector. Consulting assignments are typically evaluated with a strong emphasis on the technical proposal, including the methodology and qualifications of key experts. Shortlisted firms may be invited to submit financial proposals in a second stage. Interested parties should review the full documentation on the original source before submitting their proposal.
Description
REQUEST FOR EXPRESSION OF INTEREST
(CONSULTING SERVICES – FIRMS SELECTION)
UGANDA
UGANDA DIGITAL ACCELERATION PROJECT – GOVERNMENT NETWORK (UDAP-GOVNET)
PROJECT ID-P171305
LOAN NUMBER: IDA-68980
REFERENCE NUMBER: NITA-UDAP/CONS/25-26/00053
ASSIGNMENT TITLE: CONSULTANCY SERVICES TO CONDUCT AN EXTERNAL AUDITS, VULNERABILITY, AND PENETRATION TESTING
The Government of Uganda, represented by the National Information Technology Authority - Uganda (NITA-U), has received financing from the World Bank towards the cost of the Uganda Digital Acceleration Project - Government Network (UDAP-GOVNET) and intends to apply part of the proceeds for Consultancy services to conduct an External audits, vulnerability, and penetration testing.
The consulting services (“the Services”) include conducting External audits, vulnerability, and penetration testing. The primary goal of this project is to identify and address vulnerabilities and to ensure compliance with national and international cybersecurity standards, namely the National Information Security Framework (NISF) and ISO/IEC 27001:2022. The NISF is Uganda's mandatory national information security standard governing all Government Ministries, Departments, and Agencies (MDAs); it defines the minimum information security controls that Government agencies, as well as private- sector companies that own or operate protected computers, must apply to reduce their vulnerability to cyber threats. ISO/IEC 27001:2022, an internationally recognized standard for information security management systems, is used as a supplementary reference for global benchmarking. While the NISF provides the primary compliance baseline specific to Uganda's public-sector context, ISO/IEC 27001:2022 ensures findings are aligned with international best practice. This effort aims to strengthen the cybersecurity posture of Uganda's Government digital services, fostering a secure and resilient digital environment that supports the efficient delivery of public services
The Implementation period of the assignment is 25 Weeks from the date of signing the contract.
The detailed Terms of Reference (TOR) for the assignment can be found at the following website: https://www.nita.go.ug/opportunities/bids-and-tenders
The National Information Technology Authority - Uganda now invites eligible consulting firms (“Consultants”) to indicate their interest in providing the services. Interested Consultants should provide information demonstrating that they have the required qualifications and relevant experience to perform the Services.
The Shortlisting Criteria for the firm’s capacity and experience are:
- The Consulting Firm shall be a legally registered organization in Uganda or overseas, Proof of legal registration must be included in the proposal submission and be valid for the year of operation.
- The Consulting Firm shall be a legally registered and authorized to provide cybersecurity assessment and penetration testing services by NITA -U.
- The firm must demonstrate previous experience in cybersecurity consulting, specifically in conducting Vulnerability Assessments and Penetration Testing (VAPT). The firm should provide evidence of successful execution of at least five (5) similar assignments of comparable type, scope, and complexity, preferably involving Government institutions, critical national infrastructure or Data Centers and Operational Technology (OT) or Supervisory Control and Data Acquisition (SCADA) systems.
- The firm shall demonstrate depth of expertise, quality of reporting, and experience in conducting Vulnerability Assessment and Penetration Testing (VAPT) assignments. To facilitate this assessment, the firm shall submit at least two (2) redacted VAPT reports from previously completed assignments of similar scope and complexity. The submitted reports will be reviewed to evaluate the firm's methodology, technical rigor, clarity of findings, risk-rating approach, quality of recommendations, and adherence to recognized cybersecurity standards and best practices.
- The firm must have the current ISO 27001 Certification
- Submit the firm’s organogram to demonstrate the firm’s technical and managerial capability;
- The consulting firm must demonstrate the ability to field a team of experts with the required qualifications and experience for the assignment. These shall include at least: Team Leader / Senior Cybersecurity Consultant (1), Two (2) Penetration Testing Experts, Two (2) Cybersecurity Risk and Compliance Analysts, and Two (2) Systems and Infrastructure Security Experts.
The attention of interested consultants is drawn to Section III, paragraphs 3.15, 3.16, of the World Bank’s ‘Procurement in Investment Project Financing Goods, Works, Non-Consulting and Consulting Services, Seventh Edition September 2025 (Procurement in investment Project Financing; Goods, Works, Non-Consulting and Consulting Services), setting forth the World Bank’s policy on conflict of interest.
Consultants may associate with other firms to enhance their qualifications, but should indicate clearly whether the association is in the form of a joint venture and/or a sub-consultancy. In the case of a joint venture, all the partners in the joint venture shall be jointly and severally liable for the entire contract, if selected.
A consultant will be selected in accordance with the Least Cost Selection method set out in the World Bank Procurement Regulations “Procurement in Investment Project Financing Goods, Works, Non-Consulting and Consulting Services, Seventh Edition September 2025”.
Further information can be obtained at the address below during office hours at the address below 08:00 to 17:00 hours from Monday to Friday at the address given below.
Expressions of Interest (One original plus two copies) must be delivered in a written form to the address below (in person or by e-mail) on or before 8th July 2026 at 11:00am Consultants not located in the Country may submit their REOIs through the provided email address.
The packages must be clearly marked as; “Expression of Interest for Consultancy services to conduct an External audits, vulnerability, and penetration testing.”
The Procurement Officer,
National Information Technology Authority-Uganda Palm Courts, Plot 7A Rotary Avenue,1st Floor Kampala-Uganda,
Email: steven.batte@nita.go.ug
Any form of canvassing or lobbying for the tender shall lead to automatic disqualification.
EXECUTIVE DIRECTOR.
Data provenance
This notice is sourced from WB - World Bank and was originally published on June 25, 2026. Last refreshed today. Reference: OP00453310. BidsFactory mirrors official procurement notices and links back to the source for full legal text.
About Uganda Digital Acceleration Project - GovNet
Uganda Digital Acceleration Project - GovNet has issued 31 procurement notices on BidsFactory, including 5 currently open and 26 awarded contracts. Activity concentrates in Information & Communication Technology, Construction & Civil Works, and Finance & Banking. All notices are published for Uganda. Notices are distributed via WB - World Bank. Most recent publication: June 25, 2026.
Frequently asked questions about this tender
How can I submit a bid?
Visit WB - World Bank to access the full notice, required documents, and submission instructions. Quote reference OP00453310 when communicating with the contracting authority.
When does this tender close?
The submission deadline is July 8, 2026. You have 11 days left to prepare and submit your proposal to the contracting authority.
Who is the contracting authority?
This notice was issued by Uganda Digital Acceleration Project - GovNet in Uganda. The authority is responsible for evaluating bids, awarding the contract, and managing performance.
What type of contract is this?
This is a Consulting contract in the Information & Communication Technology sector. The classification helps bidders match the opportunity to their qualifications and registered scope of supply.
Where will the contract be performed?
The contract is for delivery in Uganda. Foreign bidders should review local registration, taxation, and any in-country presence requirements before submitting.
Find tenders like this automatically
Set up alerts and filters that match your business — never miss a relevant opportunity again.