PREPARE ZRA FOR ISO 27001 CERTIFICATION

GIZ TENDER SEPTEMBER 2025  

PREPARE ZRA FOR ISO 27001 CERTIFICATION

GFG IV aims to support the Government of the Republic of Zambia [GRZ] to implement its planned public financial management [PFM] reforms aimed at restoring fiscal sustainability and improving efficiency and effectiveness of public resource allocation, and spending, for better public service delivery.

The objective of the project is to strengthen public financial management in Zambia. To achieve this objective, the project focuses on 3 main intervention areas – [1] improving budget credibility, (2) strengthening domestic resource mobilization, including tax policy and tax administration, as well as [3] increasing GRZ’s capability to steer and implement comprehensive cross-cutting PFM reforms and processes. More information about the programme can be found on the GFG website.

The Zambia Revenue Authority has embarked on a significant digital transformation journey, automating most of its business processes and converting them into online services. A notable milestone was the automation of tax filing, returns, and payment of domestic taxes through the Tax Online II platform. This was followed by the implementation of the Smart Invoicing system, which focuses on Value-Added Tax [VAT], Turnover Tax, Rental income, and Tourism Levy to enhance compliance.

Now, GIZ wishes to hire a qualified consultant to guide ZRA in preparing for ISO 27001 Certification. The consultant will assist the Authority in implementing an ISMS that aligns with the standard’s requirements, identifying and mitigating potential security risks, and ensuring compliance with regulatory and contractual obligations

OBJECTIVES OF THE ASSIGNMENT

The consultant is required to undertake the following specific objectives:

1.         Competence Building

Build the necessary competencies to have an active role in the development of an 15027001-compliant ISMS.

1.         Scope Definition

Identify gaps in the IS027001 implementation and the ISMS Scope.

   III.        GAP Analysis

Simulating the Stage One Audit that would be carried out by a Certification body towards an IS027001 certification audit.

1.         Risk Assessment

Establish the context for information security risk management, which involves setting the basic criteria necessary for information security risk management

1.         Pre-Certification Audit and Certification Audit

Simulation of both Stage One and Stage Two audits by IS027001 Lead Auditors Certified in IS027001 Audit

The assignment is expected to be performed between November 2025 to August 2026 and be completed approximately within 300 days of signing the contract

SELECTION CRITERIA:

To qualify for consideration in the tender procedure, interested individuals/firms are required to meet the following qualifications and submit documents for eligibility assessment accordingly:

• Education/training: degree in a relevant field, such as computer science, information security, management or related
• Language: C1-level English language proficiency
• General professional experience: 7 years of professional experience in development cooperation, public relations, strategic communication, or policy advisory roles.
• Specific professional experience: 5 years of experience in: ISO 27001 Experience implementing and managing ISO 27001 or similar information security management Systems and Information Security Experience: Information Security Management

CERTIFICATIONS

1. ISO/IEC 27001 Lead Auditor: Demonstrates expertise in auditing Information Security Management Systems [ISMS] against the ISO 27001 standard
2. ISO/IEC 27001 Lead Implementer: Shows knowledge and skills in implementing ISMS in accordance with ISO 27001 requirements.
3. CISSP (Certified Information Systems Security Professional): Indicates expertise in information security practices and principles.

ADDITION SUBMISSIONS:

1. Annual total turnover for each of the last three [3] years, a minimum of EUR 150,000 or Zambian Kwacha equivalent per year is required
2. List of completed and ongoing projects supported by client references in the area of ISO 27001 certification in Africa.
3. CV detailing experience, competencies, and skills of key personnel.

SUBMISSION DETAILS:

• Official letter expressing interest.
• A brief concept note on the subject matter.

Become Member To see All details. Join us Or Login