Академический Документы
Профессиональный Документы
Культура Документы
TERMS OF REFERENCE
Africa Re has invested in a IT infrastructure upgrade which, upon completion, will see the corporation
have a primary data centre in Lagos, Nigeria and a redundancy/recovery site in Casablanca, Morocco.
Both of these sites are hosted by 3rd parties. All the six regional offices of Africa Re and two subsidiaries
will connect to the primary data centre for daily business operation and to the recovery site via dedicated
VPN links in case of a disaster . All the core business applications will be implemented at the Primary
site and automatically replicated at the Recovery sites with the data mirrored on a continuous basis. The
regional office locations and subsidiary locations will however maintain network insfrastructure and
communication systems to enable them connect with either of the primary or recovery data centres. The
corporation has also outsourced the hosting of its email system and website to 2 different offshore
companies, each with their own redundancy sites.
The consultant is expected to review the entire IT system infrastructure and operations at the primary
site, the recovery site and selected regional office locations and assess its robustness in meeting
anticipated objectives. The consultant will be required to adhere to the terms of reference stated below
and where necessary expand the scope. The specific tasks the consultant is expected to carry out include:
The ICT Audit at these locations shall include, but not be limited, to the following:1) IT Governance Audit
a) Alignment of IT and business strategy
b) Delivery of IT services in line with business requirements
c) Long term and short term IT strategies
d) Review of IT Budgets for the last three years
e) IT training schedules
f) Assessment of IT Steering Committee activities
g) IT skills assessment
2) Operating System (OS) for applications, databases and network equipment
Review
a) Logical access controls
b) User access management & security
c) Set up and maintenance of system parameters
d) Patch and update management
e) Benchmarking of security configuration
f) Network access control
g) Intrusion prevention & detection systems
3) Applications and databases security review
a) Logical access controls
b) User access management & security
c) Set up and maintenance of system parameters
d) Patch and Update Management
e) Benchmarking of security configuration
4) Review of IT Processes and operations
a) IT asset management (acquisition and disposal of IT equipment)
b) Help Desk
c) Information systems acquisition, development and maintenance
d) IT incident management
e) Network performance management
f) Backup & media management
g) Enterprise antivirus management
h) Vendor selection
i) Third party service delivery management
5) Security Management
a) IT security policies alignment with ISO27001:2013
b) Information security roles and responsibilities
c) Vulnerability management practices
d) Applications security configurations & management
e) LAN and Wireless LAN security
f) Mobile computing security review
2/4
DELIVERABLES
The prime deliverable is a comprehensive ICT Audit Report that includes the following at the minimum:
Executive Summary
Strong points identified
Weaknesses Identified
Conclusions
Recommendations for improvement
Action plan to guide the implementation of the recommendations
PROJECT MILESTONES
Inception Report: The consultant will submit an inception report within 7 days after commencement and
after consultations with key stakeholders.
Draft Report to be submitted midway through the project. The draft report should have detailed analysis
of the project status, a proposed plan for presentation, discussion and adoption of the recommendations.
Final Report to be submitted 1 week after receiving comments from the corporation.
3/4
facsimile or email to all invited consultants and will be binding on them. The corporation may at its
discretion extend the deadline for the submission of proposals.
PROPOSAL PREPARATION
Invited consulting firms should submit written proposals that include the following details:
a) Companys Identification Number
b) A brief description of the firms organization and an outline of recent experience on assignments
of similar nature. For each assignment, the outline should indicate inter alia, the profiles of the
proposed staff, duration of the assignment, contract amount and the firms involvement.
c) Any comments or suggestions on the terms of reference, a list of services and facilities to be
provided by the corporation
d) A description of the methodology and workplan for performing the assignment
e) A list of the proposed staff team by specialty, the tasks that would be assigned to each staff team
member and their timing
f) CVs for proposed professional staff. Key information should include professional qualifications,
number of years working for the firm and degree of responsibility held in various assignments
during the last 5 years
g) Estimates of the total staff input needed to carry out the assignment
h) Activity (work) schedule
i) Proposed fees (broken down by activity)
PROPOSAL SUBMISSION
The original proposal shall be prepared in indelible ink. It shall contain no interlineations or overwriting,
except as necessary to correct errors made by the Consultants themselves. Any such corrections must be
initialed by the person authorized to sign the proposals.
The Proposals must be delivered to the submission address indicated below and received by Africa Re no
later than 25th August 2015, or any extension to this date as the case may be. Any proposal received by
the Africa Re after the deadline for submission shall be rejected.
Submission Address:
The Tender Committee
African Reinsurance Corporation
Plot 1679 Karimu Kotun Street
Victoria Island PMB 12765 Lagos, Nigeria
Telephone: (+234-1) 461 6820/461 6828/280 0924/280 0925
Fax: (+234-1) 280 0074
Email: tender@africa-re.com
Yours Sincerely
Ken Aghoghovbia
Deputy Managing Director/COO
4/4