BOTSWANA COMMUNICATIONS REGULATORY AUTHORITY


BOTSWANA COMMUNICATIONS REGULATORY AUTHORITY

EXPRESSION OF INTEREST FOR APPOINTMENT AS A CERTIFYING AGENT FOR ELECTRONIC RECORDS FOR BOTSWANA COMMUNICATIONS REGULATORY AUTHORITY

REFERENCE NO. BOCRA/PT/016/2017.2018

Friday 16th March 2018

BOTSWANA COMMUNICATIONS REGULATORY AUTHORITY
PRIVATE BAG 00495 GABORONE
PLOT 50671, INDEPENDENCE AVENUE, GABORONE

PROCURING ENTITY: BOTSWANA COMMUNICATIONS REGULATORY AUTHORITY

SECTION 1 Terms of Reference

TERMS OF REFERENCE FOR THE EXPRESSION OF INTEREST FOR APPOINTMENT AS A CERTIFYING AGENT FOR ELECTRONIC RECORDS

1. BACKGROUND, PURPOSE AND SCOPE OF SERVICES

1.1 Introduction

Botswana Communications Regulatory Authority (BOCRA or the Authority) was established through the Communications Regulatory Authority Act, 2012 (CRA Act or the Act) on the 1st of April 2013 to regulate the communications sector in Botswana comprising Telecommunications, Internet and Information and Communications Technologies (ICTs), radio communications, broadcasting, postal services and related matters. The CRA Act replaced the Broadcasting Act [Cap 72:04], the Telecommunications Act [Cap 72:03], and caused the amendment of the Postal Services Act to create a converged regulatory authority for the communications industry.

The Electronic Records (Evidence) Act No. 13 of 2014 allows for the admissibility and authentication of electronic records as evidence in legal proceedings and admissibility in evidence of electronic records as original records. As per Section 5 of the Act, nothing in the rules of evidence shall apply to deny admissibility of an electronic record as evidence because it is an electronic record. Section 6(2) of the Act designates BOCRA as the Certifying Authority.

The Electronic Records (Evidence) Regulations of 2016 establish an approved process for the certification of electronic systems. Unless otherwise provided in any other written law, where an electronic record is tendered as evidence, such an electronic record shall be admissible if it is relevant and if it is produced in accordance with this approved process.

1.2 Scope of Work

BOCRA, herein referred to as the Certifying Authority, invites interested parties to be appointed as Certifying Agents. The Certifying Agents will review and certify electronic record systems of any organisation (herein referred to as the applicant) who seeks to certify the integrity of their electronic record systems in accordance with the Electronic Records (Evidence) Act, 2014 and the Electronic Records (Evidence) Regulations, 2016.

1.2.1 Duties of a Certifying Agent

Upon appointment as a Certifying Agent by the Certifying Authority, the Certifying Agent is expected to execute the following duties in accordance with the Regulations:

1.2.1.1 A Certifying Agent shall review a process or part thereof against the compliance criteria, report his findings to the Certifying Authority and recommend the type of certificate, if applicable, that the Certifying Authority ought to issue.

1.2.1.2 A Certifying Agent shall ensure that in reviewing any process it complies with the following conditions:

1.2.1.2.1 be independent and be seen to be independent of the person or organisation seeking certification, the service provider of the process, and the vendors of the electronic records system(s), which form(s) part of the process;
1.2.1.2.2 have a sufficient number of professionals with adequate experience and qualifications in the evaluation of the process, including computer systems security;
1.2.1.2.3 carry out its duties independently and without fear or favour;
1.2.1.2.4 ensure that the review procedures have been properly carried out and meticulously documented;
1.2.1.2.5 comply with such other directions as the Certifying Authority may issue in writing in relation to the procedures for ensuring compliance;
1.2.1.2.6 establish its risk management and review processes as per the guides to be provided by the Certifying Authority; and
1.2.1.2.7 keep proper records and reports of the review process.

1.2.1.3 A Certifying Agent shall obtain from the appropriate parties, who provided information in the review process, and in the case of an organisation being reviewed, the management and individuals of the organisation, written representations to both the Certifying Authority and the Certifying Agent that:

1.2.1.3.1 The party has not provided information, which he or she knows to be false, ought to know to be false, or does not reasonably believe to be true; and
1.2.1.3.2 The party has not willingly withheld information, which he or she ought to know is relevant to the certification.

Certifying Agents must perform their work diligently and safeguard the interests of the Certifying Authority and themselves.

1.2.2 Compliance Criteria for an Approved Process

The Electronic Records (Evidence) Act, 2014 and the Electronic Records (Evidence) Regulations, 2016 set out the compliance criteria applicable in the certification of an approved process. Each given criterion must be satisfied, as appropriate, through a combination of both the design of the control and operational effectiveness of the control, for the period the electronic record resides in the computer system. If a given criterion cannot be satisfied through controls, then its risks must be reasonably compensated by other criteria in this section.

A Certifying Agent must satisfy itself regarding the controls surrounding and within that electronic records system that would ensure the integrity of the relevant electronic records. The controls include but are not limited to the following interdependent areas:

1.2.2.1 PART I Computer System Security

Objective

The objective of this Part is to provide a set of compliance criteria that will reasonably ensure that the electronic records in a computer system are secured and accessible.

Compliance criteria

The criteria in this Part are organised into two groups:
(a) Information Technology processes (also commonly known as IT General Controls); and
(b) Technical security.

Information Technology processes

Organisation structure and individual roles and responsibilities reasonably ensure that Information Technology controls are effectively enforced.
Illustration of controls:
(a) An independent and competent Information Technology function acts as the custodian and operates the computer system;
(b) Security policies and procedures exist and are complied with; and
(c) Segregation of duties is enforced within Information Technology to separate application development, security administration and production system operations.

Access to programs and data is authorised and monitored.
Illustration of controls:
(a) Physical access restrictions to system and terminals;
(b) Controls are effective over provisioning, changing and removing of user Identity Document and access rights at system, database and application levels;
(c) Controls are effective over activation and monitoring of emergency Identity Documents; and
(d) Security audit logs are checked.

Changes to system configuration, application programs and data are authorised and monitored.
Illustration of controls:
(a) Production environment is isolated and secured;
(b) Source codes of applications are secured or not accessible;
(c) Changes are approved, checked and tested; and
(d) Audit trails are checked.

Computer operations are genuine and monitored.
Illustration of controls:
(a) Use of batch jobs is controlled; and
(b) Backups used to ensure availability and accessibility of electronic records.

Technical security

a) Network has been secured to prevent unauthorised access to electronic records.
b) Computer system has been secured at the operating system level to prevent unauthorised access to electronic records.
c) Database has been secured to prevent unauthorised access to electronic records.

1.2.2.2 PART II Application System Security

Objective

The objective of this Part is to provide a set of compliance criteria that will reasonably ensure that the electronic records in an application system are secured and accessible. Application system security can only be relied on if there is reasonable computer system security.

Compliance criteria

a) User access controls reasonably restrict users to functions appropriate to their job roles and enforce segregation of duties.
b) Input controls reasonably ensure the accuracy of data. Input controls would be relevant if the evidence presented is relating to data or interpretation of data.
c) Processing controls reasonably ensure the accuracy of information produced. Processing controls would be relevant if the evidence presented is automatically generated or has been processed by the application system.
d) Output controls reasonably ensure that the electronic records presented are what they are in the system.

Illustration of controls:
(a) Query and reports are produced based on correct parameters and logic; and
(b) Output is directly from the system and not subject to human interventions.

1.2.2.3 PART III Business Process Controls

Objective

The objective of this Part is to provide a set of compliance criteria that will reasonably ensure that the electronic records are genuine, complete, up-to-date and correct.

Compliance criteria

a) Segregation of duties is designed to provide assurance that records are genuine and correct.
b) Maker and checker controls are used to ensure sensitive records are correct.
c) Reports checking, and reconciliation controls ensure that information is correct.

1.2.2.4 PART IV Document Imaging Controls

Objective

The objective of this Part is to provide a set of compliance criteria that will reasonably ensure that electronic images of physical documents are correct representations of the physical documents.

Compliance criteria

a) The electronic images are produced in the normal course of business.
b) Quality control method is applied to the document imaging process to ensure that the electronic document images are correct representations of the original documents, and that the relevant metadata (such as document Identity Document, date and time) and indices are coded correctly.
c) The electronic images are protected against subsequent malicious alterations and deletions.
d) The metadata and indices that are relevant to the electronic images and used to ensure the correct retrieval of images are equally protected against malicious alterations and deletions.
e) There is a means to verify that the electronic document images have come from the document imaging process that complies with the criteria in this Part.

1.2.2.5 PART V Retrieving and Preparing Evidence

Objective

The objective of this Part is to provide a set of compliance criteria that will reasonably ensure that the electronic records produced as evidence come from the systems and processes that are the subject of the certification exercise.

Compliance criteria

a) The process for retrieving and preparing the evidence has been documented.
b) The retrieval and preparation process has been witnessed.
c) There is proof that the evidence is directly produced by the systems and processes.

1.2.2.6 PART VI Secure Electronic Signatures

Objective

The use of secure electronic signature can prove that an electronic document or record has not been modified since the time the secure electronic signature is applied. The objective of this Part is to provide a set of compliance criteria that will reasonably verify that secure electronic signature has been effectively applied.

Compliance criteria

a) The secure electronic signature used is one that is reasonably appropriate considering the nature and risk of the electronic documents or records it is being applied to.
b) The secret keys used to generate the secure electronic signature are reasonably secured and safeguarded against unauthorised disclosure.
c) A process exists to reasonably ensure that the secure electronic signature is applied to the electronic documents or records at a time of relevance.
d) A process exists and is used to verify the secure electronic signature at the time of retrieval of the electronic documents or records.

1.3 Period of appointment of a Certifying Agent

A certifying agent shall be appointed for an initial period of 3 years from contract award and it may apply for extension/renewal of the appointment for subsequent periods of 3 years.

1.4 Revocation of an appointment

1.4.1 The appointment of a Certifying Agent may be revoked, suspended or the renewal thereof rejected if the Certifying Agent:

a) is in breach of any provision of the Electronic Records (Evidence) Act and/or the Electronic Records (Evidence) Regulations or directions issued by the Certifying Agent;
b) is in breach of any condition in the contract with the Certifying Authority;
c) or any person employed by the agent for the purposes of the agent's business has been convicted of an offence the conviction for which involved a finding that the agent or any of its employees acted fraudulently or dishonestly;
d) becomes an undischarged bankrupt or has made a composition or an arrangement with the agent's creditors;
e) is in the course of being wound up or liquidated or has entered into a compromise or scheme of arrangement with its creditors;
f) has a receiver or a receiver and manager appointed to the Agent;
g) does not have sufficient persons with the qualifications and experience to perform the duties in connection with the certification for an approved process;
h) the staff level or expertise falls below to a point where it compromises the certifying agent's ability to fulfil the functions they have been appointed to carry out; or
i) is guilty of improper conduct or has brought discredit to the certification community.

1.4.2 If the appointment of a Certifying Agent is revoked, suspended or terminated, the Agent shall forthwith submit to the Certifying Authority all certificates, records and reports of the certification process.

1.5 Review Report

The Certifying Agent will review the applicant against the specified criteria as stipulated in section 1.2.2 above and any other method that would allow it to adequately review the integrity of the applicant's electronic record systems. The report should clearly indicate the decision of the Certifying Agent to allow the Certifying Authority to award a certificate to the Applicant based on the table below.

Type: Unqualified
The Certifying Authority is satisfied that the electronic records met all compliance criteria.

Type: Unqualified notes
The certifying authority is satisfied that the electronic records met all compliance criteria, but has comments for considerations and to be put on the records.

Type: Qualified with Conditions
The certifying authority is generally satisfied that the electronic records have met [all] compliance criteria except in some specific areas that may affect the integrity of the electronic records.

Type: Qualified with serious constraints
The certifying authority noted areas of non-compliance or inability to verify compliance, which may cast doubt over the integrity of the electronic records.

Type: Abstained
The certifying authority was unable to verify that the compliance criteria have been met and would not testify to the integrity of the electronic records.

1.6 Eligibility

Bidders should be registered in Botswana; in the case of a joint venture, one of the partners must be registered in Botswana. Bidders must demonstrate the following:

1. the ability and track record for performing technical IT security reviews.
2. the ability and track record for assessing the strengths of process controls.
3. reasonable quality control process to ensure that the outcome of the certification is justifiable.
4. reasonable risk management process to reduce client and engagement risks that would protect the reputation of BOCRA and the community of certifying agents.

1.7 Team Experience and Skills

1.7.1 Team Competencies

Bidders should have the following specific competences:

- Management level staff, who would reasonably be expected to understand risk management, provide oversight to the certification process, enforce methodologies and processes, and be accountable for the certification conclusions.
- Operational staff, who would reasonably be expected to perform fieldwork and identify security concerns;
- formal academic qualifications or professional training or extensive experience indicating general capability to carry out complex tasks in an intelligent manner;
- at least four years full time practical workplace experience in Information Technology, of which at least two years have been in a role or function relating to relevant information security including risk assessment/management, network security, and physical security;
- knowledge of audit principles, practices and techniques in the field of network security and risk assessment/management gained in a training course of at least five days; and
- knowledge of any applicable standards and frameworks, publicly available specifications including standards for IT product evaluation i.e. ISO 27001:2013 and ISO 27002:2013.
- Technical expertise in the area from either a full-time member of the team or one that is engaged as and when needed.

1.7.2 Team Experience Documentation

Bidders shall also include the following information in their proposals:

1.7.2.1 The Bidder shall use the CV template/form enclosed to provide:

- A detailed CV of the Project Manager and key members of the Bidder's team;
- CVs of all team members must indicate their nationality and Identification numbers.
- Experience of the team members in performing the requested services;

1.8 Skills Transfer

Where the Bidder will be utilising non-local skills, the Bidder shall outline plans on how skills transfer and training of local staff shall be carried out. The team will therefore be a specialised team of experts and should preferably in time comprise of mainly local experts. Bidders should state how they intend to share knowledge to the rest of the local field; this could include, but is not limited to, arranging and participating in training courses, provided that these courses relate to risk assessment/management, security controls or auditing.

1.9 Talent Management

The successful Bidder shall establish, implement and maintain a procedure for management of competencies of personnel involved in the review and certification process. The procedure shall require the Bidder to:

- determine the criteria for the competence of personnel for each function in the review process, considering the requirements of the certification process/criteria;
- demonstrate that the personnel have the required competencies for the duties and responsibilities they undertake;
- formally authorise personnel for functions in the review process; and
- monitor the performance of the personnel.

1.10 Training

The successful Bidder shall have criteria for the training of teams that support the ability to demonstrate competence in:

- knowledge of IT governance standards and other relevant publicly available specifications;
- IT records management systems;
- understanding of risk assessment/management and information security including network security issues;
- understanding of risk assessment and risk management from the business perspective;
- technical knowledge of the activity to be reviewed; and
- knowledge of security policies and controls.

1.11 Organisation experience

1.11.1 The bidding company must also submit the following particulars:

i) Name of the Company and its physical and postal Addresses
ii) Name of the Directors and Shareholders
iii) (a) Registration No. (b) Auditing Firm (Please provide a copy of the certificate from the relevant Registration Authority)
iv) Date of Incorporation
v) Current composition of the Company, experience and expertise of personnel (human resources, and any other relevant information)
vi) Audited Financial Statements
vii) Recent list of the Companies and other Institutions at which you have rendered similar services (attach list separately)
viii) An overview of the company structure covering subsidiary companies, holding companies, financial backers.
ix) The locations of depots, agents and service centres appropriate to the supply of the services outlined in this document shall be included in this overview.
x) Where response is being submitted by a group of companies or the prime contractor, the relevant details for each of the partners or sub-contractors should also be submitted in a manner like the main Bidder. However, it must be noted that the full responsibility of the work will be with the main Bidder.

In the case of a Joint Venture, the Bidder should clearly state which roles each entity would be responsible for. The Bidder shall be responsible for all activities outsourced to another entity.

1.12 Methodology

The Bidder shall provide a proposal setting out its methodology, including the way the Services are to be provided to ensure that the deliverables and any requirements of the Terms of Reference are met. At a minimum, the Bidder is expected to provide their audit process approach that would show how the plan for and the date of the audit shall be agreed to with the Applicant.

The Bidder may adopt reporting procedures that suit its needs but as a minimum these procedures shall ensure that:

- a meeting takes place, prior to leaving the applicant's premises, between the audit team and the applicant's management to which the audit team provides:
  o a written or oral indication regarding the conformity of electronic record systems with the criteria against which the audit has been carried out, and
  o an opportunity for the applicant to ask questions about the findings and their basis; and
- the audit team leader provides a report of its findings as to the conformity of the applicant's electronic record systems to the criteria against which the audit has been carried out.

The Bidder shall have procedures, which are able to verify if the applicant has established an audit programme or passed other external audits or certifications for the different sites, providing enough evidence that all site relevant requirements, specified in the criteria against which the audit is carried out, are fulfilled.

The Bidder audit procedures shall not presuppose a manner of implementation of a trust service or a format for documentation and records.

Audit procedures shall focus on establishing that an applicant's electronic record systems meet the requirements specified in the criteria against which the audit is carried out.

The audit plan shall identify both the computer assisted auditing techniques and the network-assisted auditing techniques that will be utilized during the audit, as appropriate.

NOTE: Network assisted auditing techniques can include, for example, teleconferencing, web meeting, interactive web-based communications and remote electronic access to the trust service documentation and/or trust service processes.

The Bidder shall include in their proposal all aspects of quality assurance of the proposed deliverables.

1.13 Fees

BOCRA is seeking proposals for affordable review and certification of electronic records from qualified and reputable companies who can be appointed as Certifying Agents. The Bidder should specify its estimated audit costs in Botswana Pula for performing required audits inclusive of relevant taxes, including hourly rates and possible expenses. The fees will be paid by the Applicant.

Bidders may specify any ancillary Services that they are able to provide that will add value to the Services requested in this EOI or which the Bidder believes are necessary for this tender. The cost of the Ancillary Services shall be shown separately in the Financial Proposal.

The Bidder shall have adequate arrangements (e.g. insurance or reserves) to cover liabilities arising from its operations. It shall also have the financial stability and resources required for its operations.

1.14 Evaluation Criteria

1.14.1 Scores for the Technical Evaluation

Evaluation Criteria: Maximum Attainable Points

Specifications [Assess whether proposed bid meets tender specifications]: 25 points
Organisational Capability & Experience [marks to be awarded on evidence of Bidder having undertaken similar projects, market experience, reputation, references]: 20 points
Team Experience [assess level of relevant qualifications and experience]: 20 points
Approach and Methodology (Marks awarded for detailed steps shown to fulfil the objectives, timeframe): 25 points
Citizen Participation: 10 points
TOTAL: 100 points

1.15 Citizen Participation

Bidders must define the level of citizen involvement in this tender by clarifying the citizens' roles. Non-citizen companies partnering with citizen companies and/or individuals should clearly define the roles of the citizens in their bidding team.

Each Bidder must indicate clearly the nationality of its Shareholders, Directors, Audit Partners, and team members. In addition, the Bidder must enclose the proof of citizenship for its Shareholders, Directors, Audit Partners, and team members e.g. Omang or passport.

A maximum of ten (10) points will be awarded to each Bidder based on the level of participation of citizens in the project. The points shall be awarded in the following manner for citizen team members with technical responsibility in the tender:

0% citizen participation in project team = 0 points
>0% - 50% citizen team members = 1-4 points
>50% - 75% citizen team members = 5-7 points
>75% - 100% citizen team members = 8-10 points

2. Contact Person

Interested organisations requiring clarification should write to the Procurement Department:

Ms Katlego Ramputswa
Email: procurement@bocra.org.bw
Tel: 3957755/3685500
Fax: 3957976

3. Bid Submission Requirements

Bidders responding to the EOI must submit their proposals that should at least contain the following information:

- Description of the process the Bidder will follow in performing the audit required by the applicant.
- Time required to finalise the audit.
- Layout/structure of audit reports.
- Proposals on how to successfully structure the legal relationship between BOCRA, Bidder and Applicant to avoid litigation and ensure payment of the Bidder by the Applicant.
- The resources that will be utilised to perform the audits.
- Any other information in support of or to elucidate the proposal.
- Knowledge, experience and skills of proposed team. The bid should include curricula vitae of all personnel whom the Bidder proposes to use in carrying out the audits.

The Bidder should submit a Project comprehension and management plan, setting out:

- Its understanding of the Terms of Reference;
- How the Bidder proposes to manage the set of deliverables outlined in the Terms of Reference;
- A proposed Work Plan with time-table regarding the audits and reports;
- How the auditing team members will be supervised;
- Any innovative ideas for how the whole assignment can best achieve its objectives.

4. Submission Format

Proposals should be bound and enclosed in an envelope clearly marked to the attention of BOCRA as follows:

BOCRA/PT/016/2017.2018
APPLICATION FOR APPOINTMENT AS A CERTIFYING AGENT FOR ELECTRONIC RECORDS FOR BOTSWANA COMMUNICATIONS REGULATORY AUTHORITY

Postal Address
Botswana Communications Regulatory Authority
Private Bag 00495
Gaborone

Physical Address
BOCRA Head Office
Plot 50671, Independence Avenue

5. Deadline

Proposals should be hand delivered to BOCRA Head Office on or before 12:00hrs on Friday 16th March 2018.

6. Acknowledgement

6.1 Proposals will be assessed, and responses will only be sent to applicants who would have submitted by the closing date.

6.2 Nothing in this invitation is to be construed as creating any binding contract.