Terms of reference
Title: Review of ICT Policy
Deadline: 19th of August 2022
A local organization is looking for ICT specialists to assist in reviewing its ICT Policy including ensuring that the use of ICT systems is consistent with the principles and values of the organization. The review is an effort by the organization to embrace a risk-based compliance framework in the context of cybersecurity, Information and Computer Technology.
• Ensure the organization’s ICT resources are appropriately used for their intended purposes.
• Establish responsibilities and accountability for Information Security within the organization; and
• Establish processes for addressing policy violations and sanctions for violators.
The key tasks for this consultancy are to professionally review and deliver an ICT Policy with associated practices, policies, and organizational structure.
2.1 Specific Terms of Reference
At a minimum, the Consultant will prepare and execute the following:
I. Complete a comprehensive review and diagnostic analysis of the ICT systems and any existing ICT Governance framework within the organization.
II. Define the current state of ICT Governance and operational/ support structures within the organization. Identify any existing policies/ processes/ practices (‘pseudo governance’) benefits or successes that could be built on, or shared, as well as any inconsistencies in policies, processes, and practices.
III. Develop a detailed implementation plan and schedule, based on the developed overall ICT architecture for the organization including a roadmap for improvement.
IV. Pose recommendations, identify associated benefits, risks, critical success factors and costs. This at a minimum, will: Take into consideration organizational culture, structure, policies, and practices.
V. Align the strategic direction of ICT with the organization ’s business.
VI. Provide a performance scorecard which will underpin and reinforce achievement of ICT Policy objectives.
VII. Undertake a review of the organization’s ICT policy and propose several layers of security using a defense-in-depth approach.
VIII. Working closely with the Team produce a network documentation for the current setup.
IX. Make a presentation amongst Staff members and unpack the I.T policy and clearly outline the guiding principles, procedures, and processes to be followed
X. Submit the reviewed ICT report and policy.
3. Applicant requirements/ Relevant qualifications
• At least minimum of three years’ experience in ICT industry.
• Industry certification and experience in (Microsoft, Cisco, Sophos, Networking, Systems Admin, Backup, Cloud.
• Experience with implementing technology projects
• Educational qualifications in Computer Science, Information Technology, or a relevant ICT technical field.
4. To apply
Persons with the above requirements and qualifications are encouraged to submit a financial proposal, cover letter and Curriculum Vitae, with names of two referees and their contact details (email and phone number) of not more than 5 pages. Applications which do not contain all the above documents will be regarded as incomplete and will not be considered. Applications must be addressed to firstname.lastname@example.org by the 19th of August 2022. The title, Review of ICT Policy should be clearly stated in the email subject. Only shortlisted candidates will be contacted.