International Consultant (Lead Consultant) to conduct assessment of the Federation of BiH (FBiH) draft Law on Cyber Security

Background

NOTE: Signed Offeror’s Letter to UNDP Confirming Interest and Availability (https://www.ba.undp.org/content/dam/bosnia_and_herzegovina/docs/Operations/Jobs/Offerors%20Letter%20to%20UNDP%20Confirming%20Interest%20and%20Availability.docx) to be sent to e-mail [email protected] with Subject: Job ID 96840.

Bosnia and Herzegovina, as a member of international organizations, has committed itself to uphold the obligations, principles and standards arising from membership in these organizations, be it the United Nations (UN), the Organization for Security and Co-operation in Europe (OSCE), regional initiatives or commitments on the path to accession to the European Union.

Bosnia and Herzegovina’s strategic goal is to join the EU through accession negotiations to full membership. One of the requirements during this process is an adequate level of cyber security. Directive (EU) 2016/1148 of the European Parliament and of the Council on measures for a high common level of security for network and information systems across the Union, also known as NIS Directive 2 (EU Network and Information Security Directive), inter alia requires that each Member State adopts its own Information and Communication Systems Security. 

The purpose of the consultancy is to provide technical support to the FBiH Ministry of Transport and Communications (Ministry) in the technical assessment of the draft Law on information security, security of network and information systems of the Federation of Bosnia and Herzegovina (FBiH Cyber Security Law) regarding alignment of the draft law with EU Directives (primarily NIS Directive) as well as with the existing legal framework in BiH; assessment of the financial impact of the law on the overall budget of the FBiH institutions; and development of a roadmap – action plan for full implementation of the law, including establishment of clear guidelines regarding preparation of relevant bylaws and steps to be taken toward establishment of the Computer Security Incident Response Team (CSIRT) at the level of FBiH. Furthermore, the Consultant shall provide a very brief comparative overview of the relevant cyber security legal and regulatory frameworks in the entity of BiH Republika Srpska (RS) as well as at the state (national) level and explain how the actions in FBiH would also align with the Guidelines on strategic Cyber Security framework for Bosnia and Herzegovina. For the purpose of successful completion of the Consultancy, the selected candidate shall work with a national cyber security consultant (national consultant) who will provide necessary and relevant inputs regarding national legal, institutional and regulatory frameworks.

Duties and Responsibilities

The assignment will encompass the following:

1. Design and planning of a needs assessment study

Under this activity the consultant shall undertake the following tasks:

1.1 Familiarize himself/herself with the key documents including holding an introductory meeting with the national consultant and designated staff of the Ministry. 

1.2 Based on collected information, inputs from the national consultant and designated staff of the Ministry and the focal points for other levels in BiH (national level and the level of RS), the Consultant shall prepare a proposed methodology for conducting the assessment. The proposed methodology shall include the identified areas on which information will be sought, a detailed plan for the meetings and the list of proposed contacts. Once completed, the proposed methodology shall be submitted to the UNDP supervisor for approval.

The timeframe for this activity will not exceed 2 expert days.

2. Desk review and fact finding 

Under this activity the consultant shall undertake the following main tasks:

2.1 Based on the approved methodology and plan, the incumbent shall undertake in-depth analysis of the draft FBiH Cyber Security Law focusing on the main objectives of the consultancy using official documents provided by the Ministry.

2.2 The incumbent shall maintain continued communication with designated staff of the Ministry and national consultant via online platforms to collect information necessary for producing financial impact analysis, compliance table and comparative analysis.

The timeframe for this activity will not exceed 5 expert days.

3. Producing Final Needs Assessment Report 

Under this activity the consultant shall undertake the following main tasks:

3.1 Analyse collected information and prepare assessment report, including overall narrative report and, in a separate MS Word document, appropriate comments and recommendations within the original draft FBiH Cyber Security Law provided by the Ministry in the “track changes” and “comments” form.  Both deliverables shall be subject to approval of the UNDP Supervisor and designated staff of the Ministry. 

3.2 Prepare compliance table regarding compliance of the draft law with relevant EU regulations and national legislative framework in line with the government Decision on the procedure of harmonization of the legislation of Bosnia and Herzegovina with the acquis Communautaire.   

3.3 Prepare a roadmap – action plan for full implementation of the FBiH Cyber Security Law including establishment of clear guidelines regarding preparation of relevant bylaws and steps to be taken toward establishment and operational modalities of the CSIRT at the level of FBiH.

3.4 Prepare an overview of the relevant regulatory and legal frameworks for the national level of BiH and RS. 

The timeframe for this activity will not exceed 7 expert days.

Scope of work

  • Collect and analyze relevant documentation. 
  • Hold initial and follow-up meetings (online) on an as-needed basis with the designated staff of the Ministry and UNDP National Consultant.
  • Maintain continued communication with the UNDP Supervisor, UNDP National Consultant and designated staff of the Ministry. 
  • Prepare and submit proposed methodology to the UNDP Supervisor within 2 days from the initial meeting for inputs and clearance.
  • Undertake in-depth analysis of the draft Law on Cyber Security.
  • In cooperation with UNDP National Consultant, collect information necessary for financial impact assessment.
  • Prepare interim report upon completion of 7 expert days and submit it to UNDP Supervisor and designated staff of the Ministry for their review and clearance.
  • In cooperation with UNDP National Consultant and designated staff of the Ministry collect necessary information for producing roadmap – action plan.

Deliverables/outputs

| # | Deliverables / Outputs | # of Days per Task | Due Date | Percentage |
|---|---|---|---|---|
| 1. | Completed methodology for conducting the assessment approved by the UNDP Supervisor and designated staff of the Ministry | 2 | 5 March 2021 | 10% |
| 2. | Completed interim report, initial review of the draft law, draft compliance table and draft roadmap – action plan submitted to the UNDP Supervisor and designated staff of the Ministry for review and approval | 5 | 17 March 2021 | 30% |
| 3. | Completed and approved by the UNDP Supervisor and designated staff of the Ministry final narrative report, review of the draft law, compliance table and roadmap – action plan | 7 | 26 March 2021 | 60% |

Competencies

Corporate competencies:

  • Demonstrates integrity by modelling the UN’s values and ethical standards;
  • Promotes the vision, mission, and strategic goals of UNDP;
  • Displays cultural, gender, religion, race, nationality and age sensitivity and adaptability;
  • Treats all people fairly without favoritism;
  • Fulfils all obligations to gender sensitivity and zero tolerance for sexual harassment;

Functional competencies:

Professionalism:

  • Demonstrates professional competence and mastery of subject matter; 
  • Conscientious and efficient in meeting commitments, observing deadlines and achieving results; 
  • Motivated by professional rather than personal concerns;
  • Shows persistence when faced with difficult problems or challenges; remains calm in stressful situations.

Planning and Organizing:

  • Develops clear goals that are consistent with agreed strategies;
  • Identifies priority activities and assignments;
  • Adjusts priorities as required; allocates appropriate amount of time and resources for completing work; uses time efficiently;
  • Foresees risks and allows for contingencies when planning; monitors and adjusts plans and actions as necessary.

Client Orientation:

  • Considers all those to whom services are provided to be “clients” and seeks to see things from clients’ point of view;
  • Establishes and maintains productive partnerships with clients by gaining their trust and respect; Identifies clients’ needs and matches them to appropriate solutions;
  • Monitors on-going developments inside and outside the clients’ environment to keep informed and anticipate problems;
  • Keeps clients informed of progress or setbacks in projects; meets timeline for delivery of products or services to client.

Required Skills and Experience

Academic Qualifications/Education:

  • Advanced university degree in the area of law, criminology, economy, political science or another relevant field
  • BA degree with additional two years of working experience may be accepted in lieu of the advanced university degree in the area of political science or another relevant field.

Experience:

  • At least 8 years of professional experience in practicing law, public administration, academy, or consulting dealing with issues of cyber security. 
  • Extensive professional experience dealing with cyber security governance within the public sector. 
  • Excellent knowledge of the European Union regulatory framework and comparative European national legislation and practices in the area of cyber security. 
  • Very good understanding of and familiarity with cyber security regulations in the Western Balkans will be considered a strong asset;
  • Proven ability to undertake professional research using both quantitative and qualitative methods;
  • Proven analytical skills and ability to conceptualise and write concisely and clearly;
  • Previous work for UN agencies in the country is considered a unique asset.

Languages Requirements:

  • Fluency in English and official languages of BiH, with excellent drafting and presentation skills.

Other Requirements:

  • Excellent computer skills (MS Office applications) and ability to use information technologies as a tool and resource.

Longlisting/Shortlisting Criteria

Qualifications as stated in the ToR

| Criteria | Points |
|---|---|
| Relevant Education | max 30 points |
| Relevant professional experience | max 60 points |
| Knowledge of English | max 10 points – will be assessed as: 10 points for fluency, and the points decrease as per the level mentioned in the CV: good – 9 points; fair/upper intermediate – 8 points; intermediate – 7 points; beginner – 6 points. |

Technical Evaluation Criteria

| Criteria | Points |
|---|---|
| Rating based on Qualifications | 30% |
| Extensive professional experience dealing with cyber security governance within the public sector | 20% |
| Excellent knowledge of the European Union regulatory framework and comparative European national legislation and practices in the area of cyber security | 15% |
| Extensive professional experience and familiarity with cyber security regulations in the Western Balkans | 15% |
| Proven ability to undertake professional research using both quantitative and qualitative methods and proven analytical skills and ability to conceptualise and write concisely and clearly | 20% |

Evaluation

Individuals will be evaluated based on the following methodology:

Cumulative analysis

When using this weighted scoring method, the award of the contract should be made to the candidate whose offer has been evaluated and determined as:
a) responsive/compliant/acceptable, and
b) having received the highest score out of a pre-determined set of weighted technical and financial criteria specific to the solicitation.

  • Technical Criteria weight – 70%
  • Financial Criteria weight – 30%

Interested candidates must submit the following documents/information to demonstrate their qualifications:

  • An explanation of why they are the most suitable for the work;
  • A brief methodology on how they will approach and conduct the work, or a sample of a previous document/strategy/paper done by the consultant.

Please scan all above mentioned documents and upload as one attachment only online through this website.

Note:

  • For an assignment requiring travel, consultants of 65 years or more require full medical examination and statement of fitness to work to engage in the consultancy.
  • Due to large number of potential applicants, only competitively selected candidates will be contacted for remaining steps of the service procurement process.
