Request for Proposals (RFP) - Provision of Vulnerability Assessment and Penetration Testing(VAPT), Data Protection Impact Assessment (DPIA) tender at Prime Insurance Ltd and Prime Life Insurance Ltd
Website :
50 Days Ago
Linkedid Twitter Share on facebook



1) Background 

Prime Insurance Ltd and Prime Life Insurance Ltd are licensed insurance companies authorized by the National Bank of Rwanda (BNR). Prime Insurance Ltd and Prime Life Insurance Ltd have implemented various information systems in a bid to improve efficiency and effectiveness in the execution of their mission.

To ensure that the information systems are safeguarding assets, maintaining data confidentiality, integrity, and availability and operating effectively and at their optimum to achieve the company's objectives, we wish to engage a reputable firm to provide Vulnerability Assessment and Penetration Testing (VAPT), Data Protection Impact Assessment (DPIA), Risk assessment (RA) and Business Impact Analysis (BIA) services.

2) Objectives of the Assignment 

The objective is to carry out a comprehensive review and examination of the security posture of the two companies concerning information system assets. This will involve evaluating the system's internal control design and effectiveness and an examination of the network perimeter, internal security posture, system security and database security.

The firm shall report on the conclusions reached from its review of the systems and recommend suitable measures for correcting any deficiencies which were identified during the review process.

3) Scope of Services 

The areas of review include but are not Ltd to:

  • Anonymous information gathering to discover all Internet-facing assets a hacker could identify as potential entry points into the organizations' network.
  • Scanning of internet-available network access points and web servers for known vulnerabilities.
  • Verifying scan-result findings through in-depth manual penetration testing attack techniques.
  • Providing deeply informed remediation guidance and advisory services for identified/verified vulnerabilities. 

Internal & External Penetration Testing: -

  1. External and internal network vulnerability assessment and penetration testing.
  2. Internal web application penetration testing.
  3. Review of network architecture designs.
  4. Server security and configuration reviews.
  5. Database security and configuration reviews.
  6. Third party interconnection reviews.
  7. Application security configuration reviews.
  8. System configuration and change management reviews.
  9. Authorization and session management testing.
  10. Denial of service testing.
  11. Data validation testing.
  12. Firewall and router configuration reviews and testing.
  13. Data centre security assessment.
  14. VPN configuration reviews.
  15. Password service strength testing.
  16. Email security testing.
  17. DR testing 

The List of Internet Protocols (IPs), Information Systems in Place, database, and servers will be disclosed to the winning bidder.

4) Deliverables 

The contracted firm is expected to provide a VAPT report with detailed findings and appropriate recommendations as well as an implementation plan agreed on with Management to correct the deficiencies as well as DPIA, RA, and BIA reports

5) Requirements from the firm 

Prime Insurance Ltd and Prime Life Insurance Ltd will require a suitably qualified and experienced Firm to carry out a Vulnerability Assessment and Penetration Testing (VAPT), Data Protection Impact Assessment (DPIA), Risk assessment (RA) and Business Impact Analysis. 

The Firm will be required to submit the following: -

a. Firm profile.

b. Proposal seeking to demonstrate relevant competency and expertise and as a minimum should provide the following: 

  • Detailed CVs of the team who will undertake the VAPT, DPIA, RA and BIA Provide at least three (3) corporate clients recommendation letters from clients to whom you have implemented successfully the assignment.
  • The methodologies to be used to successfully undertake the assignment.
  • A detailed work plan on how the milestones of the assignment will be achieved.
  • Methods and tools for measuring and monitoring the effectiveness of the assignment.
  • Tax clearance
  • Business registration certificate 

c. Financial offer including tax

Proposals must be delivered at Prime life insurance HQ not later than 8th March 2024 10:00 AM

For any clarification or site survey please call +250787903451 not later than 4th March 2024 or email

Col (Rtd) Eugene M. HAGUMA

Chief Executive Officer



Chief Executive Officer


Job Info
Job Category: Tenders in Rwanda
Job Type: Full-time
Deadline of this Job: Wednesday, March 13 2024
Duty Station: Kigali
Posted: 28-02-2024
No of Jobs: 1
Start Publishing: 28-02-2024
Stop Publishing (Put date of 2030): 28-02-2066
Apply Now
Notification Board

Join a Focused Community on job search to uncover both advertised and non-advertised jobs that you may not be aware of. A jobs WhatsApp Group Community can ensure that you know the opportunities happening around you and a jobs Facebook Group Community provides an opportunity to discuss with employers who need to fill urgent position. Click the links to join. You can view previously sent Email Alerts here incase you missed them and Subscribe so that you never miss out.

Caution: Never Pay Money in a Recruitment Process.

Some smart scams can trick you into paying for Psychometric Tests.