PROVISION OF CONSULTANCY SERVICES FOR IDENTITY ACCESS MANAGEMENT (IAM) GAP ASSESSMENT AND FRAMEWORK DEVELOPMENT SERVICES

KCB BANK KENYA LTD TENDER DECEMBER 2025 

PROVISION OF CONSULTANCY SERVICES FOR IDENTITY ACCESS MANAGEMENT (IAM) GAP ASSESSMENT AND FRAMEWORK DEVELOPMENT SERVICES

1. INTRODUCTION

KCB Bank Group Ltd (hereinafter referred to as “the Bank”) is a leading commercial banking group in the East African region, renowned for its diversity and growth potential. As KCB Group expands its digital footprint across Africa, managing digital identities and access securely becomes increasingly complex. The group has also diversified its technology footprint with adoption of Cloud Computing spanning different cloud providers with models varying from IaaS, PaaS, SaaS and hybrid. With adoption of flexible working models such as Remote Working there is further need to review the current approaches to identity and access management. To support its strategic pillars Execution Excellence, Digital Leadership, and Risk Resilience, a robust Identity and Access Management (IAM) program is essential. IAM is foundational to KCB’s strategic pillars and enablers:

• Execution Excellence through streamlined identity lifecycle management, improving efficiency and service delivery.
• Digital Leadership by enabling secure, frictionless access to digital services that foster innovation and customer focus.
• Strengthening Risk Resilience via proactive identity governance that reduces unauthorized access and ensures regulatory compliance.

A well-developed IAM program will include the following propositions:

• Establish centralized control over user identities, authentication, and authorization.
• Enable secure access to systems and applications across KCB’s ecosystem.
• Establish a robust approach to managing role assignments matched to organizational roles, manage transitions in line with role changes and highlight toxic combinations in role assignments.
• Establish clear responsibilities and accountabilities within the Identity and Access management lifecycle across the organization.
• Support agile working models with location-independent access.
• Improve user onboarding/offboarding and access provisioning.
• Provide visibility into access rights and enforce Segregation of Duties (SoD).

2. Aims and Objectives of the tender

KCB proposes engaging a consultancy partner to assess KCB’s current IAM landscape and develop a comprehensive IAM framework. The consultancy will:

• Review the Group Strategic objectives and existing practices, policies, procedures and related artifacts in relation to Identity and Access Management and determine gaps.
• Propose an Overarching Identity and Access Management Framework / Model to address the gaps
• Gap Design a governance architecture covering identity lifecycle, access provisioning, recertification, review, audit, and privileged access with appropriate RACI Matrices.
• Review and enhance Role-Based Access Control (RBAC) and SoD alignment.
• Streamline IAM workflows and governance processes.
• Align the program with industry standards and regulatory requirements.
• Conduct a gap analysis and define a strategic roadmap with clear milestones.
• Evaluate the suitability and sustainability of existing IAM tools and systems.
• Propose an Implementation roadmap with key milestones and maturity assessments to track the implementation journey in line with best practicers and organizational context

To enable secure, scalable, and compliant digital growth across Africa, KCB seeks to assess its current IAM landscape and establish a robust framework that aligns identity governance with its strategic pillars of Execution Excellence, Digital Leadership, and Risk Resilience.

This document constitutes the formal Request for Proposals (RFP) for the Provision of Consultancy Services for Identity Access Management (IAM) Gap assessment and Framework Development services.

3. Eligibility

This Request for Proposal has been sent out on a restricted tender basis. All eligible bidders to respond to the Request for Proposal. The interested Bidders who are dealing in the provision of consultancy services for data migration and reconciliation and meeting the tender requirements can respond.

4. SCOPE OF WORK

The Bank is requesting proposals from qualified information security and compliance service firms to provide Identity Access Management consultancy services towards achieving the following.

1. i)Current State Assessment, IAM Roadmap Implementation and Feasibility analysis on existing IAM toolsets.

• Current state assessment & gap analysis document
• Card Target IAM architecture & roadmap
• Governance and operating model recommendations ▪ Feasibility analysis report on existing IAM systems

1. ii)Development of Identity Governance Control Documentation for sample systems

• Review of role descriptions and entitlements document ▪ Review of segregation of duties matrix and rulesets
• Review and mapping mitigating controls and residual conflict documentation

iii)    Roadmap Development and Maturity assessments

• Provide a TO BE IAM Model/Framework tailored to the group needs and context.
• Provide a phased implementation plan with feasible outcomes and incremental milestones towards the end state.
• Provide a Maturity Assessment Methodology and took kit/scoring sheets/checklists to enable the group to track maturity and progress on the implementation journey.

5. Deadline for Submission of Bids

All Bids should be submitted through the supplier portal.

Deadline: 2025-12-10 00:00:00

Please note:

• Soft Copies for each proposal are to be provided in PDF through the sourcing portal.
• Any bid received by the Bank after the deadline data as specified in the supplier portal will be rejected.