More Information
- Experience 2-5
Introduction/background of Tiko
Tiko Africa is an organisation that uses its digital platform called Tiko to motivate users – primarily young women and adolescent girls – to make positive choices. We use nudges like reminders, discounts, in person and digital follow-ups, and reward points to encourage our users to access and use healthy products and services. We also support them in becoming entrepreneurs and adding value to their economies. Tiko Africa’s reward points can be used to redeem products and services at local shops, or as subsidies to cover the cost of sexual and reproductive health (SRH) services, removing the cost to access for the users, who are primarily 15-24 year old adolescent girls and young women (AGYW).
Tiko Africa has operations in the following countries either by having offices or by working through local partners in Kenya, Uganda, Ethiopia, Burkina Faso and South Africa.
Tiko Africa is sourcing for consulting services from a recognised company to perform penetration testing on our systems. The report generated from the test results identify system flaws and highlight the steps that need to be taken to address them. The consultancy will advise on penetration testing methodologies, process and phases, this should be included in the proposal
Scope of work
The scope of the penetration test will include a comprehensive assessment of the Tiko platform:
- Testing of mobile applications (Android).
- Assessment of web-based interfaces and APIs.
- Evaluation of backend services, databases, and server infrastructure.
- Exclusion of physical security assessments or social engineering attacks.
- Testing to be conducted on staging environments to minimise impact on production systems.
The penetration testing should follow a combination of automated scanning tools and manual testing procedures. Testing methodologies will align with OWASP standards, focusing on common vulnerabilities such as injection flaws, authentication bypass, and insecure data storage.
Deliverables
The following to be presented in a report
Description
- Comprehensive vulnerability assessment report
- Executive summary highlighting critical findings and recommendations
- Technical report detailing identified vulnerabilities, severity levels, and remediation steps
- Failed and successful hacking methods.
- Post-engagement support for addressing any queries or concerns
Evaluation criteria
Proposals will be evaluated in two parts. The experience, technical proposal and financial quotation shall bear 70% of the total marks while the references and financial capacity shall bear 30% of the total marks.
- Proposals should make clear about the relevant skills, experience and capacity of the participant, in respect of this particular RFP.
- Proposals must contain the details of the proposed approach to be adopted in order to deliver the service in accordance with the RFP.
- Proposals should clearly indicate whether or not bid participants have the capacity to meet the requirements of the RFP.
- Proposal should clearly indicate compliance with the appropriate data protection, privacy, legal, social, tax and ethical issues applicable to the country
Description
Weight
1.Experience, Skills and Ability
- Past experience in similar work of this nature.
- Team member experience (accompanied by brief CV’s).
- Ability of the bidder to fulfil Tiko Africa’s requirements
Weight: 30
2.Technical Approach and Execution Plan
- Proposals must contain the details of the proposed approach to be adopted in order to deliver the service in accordance with the RFP.
Weight: 40
3.Financial quotation
- Proposals should include a detailed cost breakdown of proposed budget
Weight:15
4.References
- Did the bidder submit at least three relevant and contactable clients that were serviced in the past 36 months.
Weight: 15
Totals Weight: 100
How to apply
Firms and individuals are invited to submit proposals for this engagement. Proposals should include the contents below and not exceed a maximum length of 15 pages, excluding annexures (budget and summary profiles of proposed personnel).
- Cover page: Summary with basic information such as names, address, contact information, proposed budget, etc.
- Capacity statement: A brief capacity statement as to why your firm and the team you are proposing is well positioned to undertake the engagement
- Qualification to the scope of work: Any qualifications that you may have regarding the scope of work
- Proposed approach: Your proposed approach to delivering on the scope of work requirements
- Proposed personnel – The qualifications of the proposed qualifications and their experience.
- Work plan:proposed work plan with tasks, responsible person/s and timeline
- Budget: Total budget envelope required to deliver the work (in Euro), and line-item breakdown of direct costs and overheads
- References of similar engagements undertaken by the firm in the last 5 years
The submission must be clear, concise, and complete. Applicants should submit only such information as is necessary to respond effectively to this request for proposals. Unless specifically requested, extraneous presentation materials are neither necessary nor desired.
Applications/submissions are requested to submit their tender/application documents (technical & financial) proposals to Tiko Africa via mail procurement@tiko.org by end of day 18 November 2024.