Fairtrade Africa
Terms of Reference: Pentest and Vulnerability Assessment - 2023
Fairtrade Africa (FTA) seeks responses from suitably qualified business partners/consultants with a proven track record of managing IT security and conducting vulnerability assessment and penetration testing services on behalf of institutions seeking such services. The service providers are required to provide professional services and to demonstrate the right level of skills and experience for the services required. The bidders must provide vulnerability management and penetration testing services to Fairtrade Africa (FTA).
BACKGROUND
The Fairtrade Africa (FTA) ICT Dept is mandated to ensure that known weaknesses in the IT environment are identified and mitigated. The FTA IT environment consists of both hardware and software and has approximately 30 IP devices. The network includes wired and wireless LAN.
The FTA requires a vulnerability assessment and penetration testing service to provide holistic vulnerability management across all system platforms, covering vulnerabilities caused by software flaws, errors in application configuration, security architecture deficiencies and process flaws.
The duties will include understanding the overall security posture, identifying and reducing risk, and streamlining and managing IT vulnerability management across the FTA IT environment.
SCOPE OF WORK
Category A – Vulnerability Assessment Services
The Supplier shall provide vulnerability assessment services including but not limited to the following:
• Catalogue FTA Information Technology (“IT”) assets and resources (e.g., applications, endpoint devices, network and servers);
• Assess current network security measures to identify any vulnerabilities that exist in our network architecture;
• Conduct external and/or internal vulnerability scans to identify any security vulnerabilities that exist in FTA assets and resources;
• Conduct web application security assessment;
• Conduct wireless security assessment;
• Conduct personal security awareness assessment; and
• Report security issues that pose an imminent threat to FTA as they are identified.
Vulnerability Assessment Services Reporting and Presentation
Upon completion of each Service, the Supplier shall provide the FTA with a vulnerability assessment report which includes the following information at a minimum:
• Executive summary;
• Scope of Service;
• Detailed results of identified vulnerabilities;
• Detailed explanation of the implications of the identified vulnerabilities, business impact and potential risks;
• Detailed steps of immediate mitigation;
• Recommended high-risk areas for FTA's immediate attention, as applicable; and
• Deliver a presentation to FTA, as requested.