International Consultant to Support Drafting Laws on Cybersecurity and Cybersecurity Related Documents

NOTE: Signed Offeror’s Letter to UNDP Confirming Interest and availability – https://www.ba.undp.org/content/dam/bosnia_and_herzegovina/docs/Operations/Jobs/Offerors%20Letter%20to%20UNDP%20Confirming%20Interest%20and%20Availability.docx – Letter to UNDP Confirming Interest and Availability.docx – to be sent to e-mail [email protected] with Subject: Job ID 101541.

Bosnia and Herzegovina, as a member of international organizations, has committed itself to uphold the obligations, principles and standards arising from membership in these organizations, be it the United Nations (UN), the Organization for Security and Co-operation in Europe (OSCE), regional initiatives or commitments on the path to accession to the European Union. 

Bosnia and Herzegovina’s strategic goal is to join the EU through accession negotiations to full membership. One of the requirements during this process is an adequate level of cyber security. In this segment of the accession process, the most relevant is the Directive (EU) 2016/1148 of the European Parliament and of the Council on measures for a high common level of security for network and information systems across the Union, also known as NIS Directive (EU Network and Information Security Directive), inter alia requires that each Member State adopts its own Information and Communication Systems Security.  

At present, Bosnia and Herzegovina is developing new legislative frameworks in the area of cybersecurity both at the state and entity levels.  These legislative frameworks will have to be harmonized and in line with the EU NIS Directive.  Additionally, it is an obligation of Bosnia and Herzegovina to develop strategic documents in the area of cybersecurity.

In July 2021, UNDP BiH has launched a project tailored to provide the required technical support to the relevant institutional representatives so that the cyber security legal and regulatory framework can be drafted. This project is aligned with Output 2.3. of the Country Program Document for Bosnia and Herzegovina1 and contributes to the achievement of SDG 16: Peace, Justice and Strong Institutions.

In line with the above, the purpose of this consultancy is to provide expert, technical and administrative support to the BiH Ministry of Security in developing draft law on cyber security of the institutions of BiH and harmonization of the positions of the competent institutions with the aim of drafting a strategic document in the field of cyber security in BiH in line with the NIS directive, as well as the development of appropriate pertinent documents.

Under this assignment, the International Consultant is supporting the effective implementation of technical assistance pillar under this Project, with the following tasks: 

Task 1. Provide expert, technical and administrative support to the MoS BiH in developing draft law on cybersecurity of the institutions of BiH. 

Under this activity the International Consultant is expected to:  

1. Familiarize himself/herself with the key documents in this field at the State level to ascertain level of harmonization with the relevant EU Directive and international standards. 
2. Hold an introductory meeting with the national consultant and representative of the MoS to introduce the drafting process and desired outcomes.
3. Review and analyse working version of the Law on Information and Network Security in the Institutions of BiH in regard to its harmonization with the EU NIS Directive and positive EU practices and prepare and provide concrete recommendations for improvement of the working version of the Law.

The timeframe for this activity will not exceed 5 expert days. 

Task 2. Provide expert, technical and administrative support to the MoS BiH in harmonization of the positions of the competent institutions, preparation and technical consultations towards the cyber security strategy for Bosnia and Herzegovina.    

Under this activity the International Consultant is expected to:  

1. Familiarize himself/herself with the key documents, actors and status of policy development in this field.  
2. Hold an introductory meeting with the national consultant and designated staff of responsible institutions to introduce the drafting process and desired outcomes.   
3. Conceptualize, lead and facilitate 3 three-day workshops (supported by the National Consultant) in local languages with representatives of competent institutions, as well as subject-matter experts from the EU institutions, academia and IT industry, so that draft national cyber security strategy is prepared in a participatory and technically viable manner and in accordance with the constitutional competencies of the relevant institutions.   

The timeframe for this activity will not exceed 20 expert days. 

Task 3.  Support to the CSIRTs’ operators in the country 

Under this activity the International Consultant is expected to:  

1. Conduct a brief training needs assessment and identify specific learning priorities of the CSIRTs under the legal & cooperation, operational and technical themes, to help further customised delivery of training sessions.  
2. Drafting measures of information and network security in the institutions of BiH in the local languages based on requirements provided by the MoS and best practices. 

The timeframe for this activity will not exceed 11 expert days.  

Task 4. Provide expert, technical and administrative support to the MoS BiH in developing draft of Politics of information security in the MoS. 

Under this activity the International Consultant is expected to:  

1. Familiarize himself/herself with the key documents and requirements in this field in the MoS. 
2. Hold an introductory meeting with the national consultant and representative of the MoS to introduce the drafting process and desired outcomes
3. Drafting of Politics of information security in the MoS BiH in the local languages based on received requirements and best practices.  

The timeframe for this activity will not exceed 10 expert days. 

Task 5. Prepare a final report on activities undertaken 

Under this activity the International Consultant shall undertake the following main tasks:  

1. Collect feedback from Working Group on the drafting process, quality of technical support provided and associated learning experience 
2. Submit a final report, no longer than 10 pages, about the activities undertaken concerning drafting of laws and national cyber security strategy 

The timeframe for this activity will not exceed 4 expert days. 

Deliverables/outputs

Corporate competencies: 

• Demonstrates integrity by modelling the UN’s values and ethical standards;  
• Promotes the vision, mission, and strategic goals of UNDP;  
• Displays cultural, gender, religion, race, nationality and age sensitivity and adaptability;  
• Treats all people fairly without favoritism;  
• Fulfils all obligations to gender sensitivity and zero tolerance for sexual harassment;  

Functional competencies: 

Professionalism:  

• Demonstrates professional competence and mastery of subject matter;   
• Conscientious and efficient in meeting commitments, observing deadlines and achieving results;   
• Motivated by professional rather than personal concerns;  
• Shows persistence when faced with difficult problems or challenges; remains calm in stressful situations. 

Planning and Organizing:  

• Develops clear goals that are consistent with agreed strategies;  
• Identifies priority activities and assignments;  
• Adjusts priorities as required; allocates appropriate amount of time and resources for completing work; uses time efficiently; 
• Foresees risks and allows for contingencies when planning; monitors and adjusts plans and actions as necessary.  

Client Orientation:  

• Considers all those to whom services are provided to be “clients” and seeks to see things from clients’ point of view;  
• Establishes and maintains productive partnerships with clients by gaining their trust and respect; Identifies clients’ needs and matches them to appropriate solutions;  
• Monitors on-going developments inside and outside the clients’ environment to keep informed and anticipate problems;  
• Keeps clients informed of progress or setbacks in projects; meets timeline for delivery of products or services to client. 

Academic Qualifications/Education:

• University degree in the area of Information Tehnology, Electrical Engineering  or another relevant field. 

Experience:

• At least 5 years of professional experience in area of cyber security and protection of IT systems.   
• Extensive professional experience dealing with cyber security governance within the public sector on the strategic level in one EU member state. 
• General knowledge of the European Union regulatory framework and comparative European national legislation and practices in the area of cyber security.   
• Very good understanding of and familiarity with cyber security regulations in the Western Balkans will be considered a strong asset. 
• Proven ability to undertake professional research using both quantitative and qualitative methods; 
• Proven analytical skills and ability to conceptualise and write concisely and clearly; 
• Previous work for UN agencies in the country is considered as unique asset. 

Languages Requirements:

• Fluency in English, with excellent drafting and presentation skills. 
• Knowledge of BiH languages is an asset. 

Other Requirements:

• Excellent computer skills (MS Office applications) and ability to use information technologies as a tool and resource. 

Longlisting/Shortlisting Criteria

Qualifications as stated in the ToR

Technical Evaluation Criteria

Evaluation

Individual  will be evaluated based on the following methodology:

Cumulative analysis

When using this weighted scoring method, the award of the contract should be made to the candidate whose offer has been evaluated and determined as:
a) responsive/compliant/acceptable, and
b) Having received the highest score out of a pre-determined set of weighted technical and financial criteria specific to the solicitation.

• * Technical Criteria weight-70%
• * Financial Criteria weight- 30%

Interested candidated must submit the following documents/information to demonstrate their qualifications:

• Personal CV/P11, including past experience in similar projects and at least 3 references;
• Explaining why they are the most suitable for the work;
• Provide a brief methodology on how they will approach and conduct the work; or sample of previous document/strategy/paper done by the consultant 

Please scan all above mentioned documents and upload as one attachment only online through this website.

Note:

• For an assignment requiring travel, consultants of 65 years or more require full medical examination and statement of fitness to work to engage in the consultancy.