en
Connect Learn Finance

Redirect notice

You are being redirected to the platform Enko where you can access 100% free resources to boost your business. This is a collaboration between Visa and Connectamericas for Women.
Home > Purchasing announcements > Audit of the SGSPI
Purchasing announcements

Audit of the SGSPI

Start date

Thursday, April 23, 2026

Closing date

Sunday, May 10, 2026

Country

Colombia

Sector

Technology

Project

CO-L1245

Description

The Republic of Colombia, through the Directorate of National Taxes and Customs (DIAN), has financing from the Inter-American Development Bank (IDB) for the DIAN Modernization Support Program. This call seeks to hire a specialized firm to carry out a comprehensive audit of the Information Security and Privacy Management System (SGSPI). After having completed the planning and operation phases under the ISO/IEC 27001:2022 standard, the entity needs to independently validate its level of maturity and effectiveness, guaranteeing the closure of the continuous improvement cycle and the sustainability of its digital security model.

Scope of the consultancy

- Conformity Assessment: Verify compliance with the requirements of the ISO/IEC 27001:2022 standard and internal policies in the 32 processes and 54 sectional directorates of the DIAN.

- Technical Planning: Determine audit risks and opportunities, designing specific checklists and execution schedules.

- On-Site Verification: Execute audit techniques at the central and territorial level to validate personal data protection and digital risk management.

- Results and Improvement: Identify gaps and issue strategic recommendations that serve as input for institutional decision-making.

- Duration and Budget: The contract will be executed in 4 months, with an estimated budget of COP 237,233,231.

Qualification Requirements
The selection will be made using the Selection Based on Consultant Qualification (SCC) method (GN-2350-15). Signatures must accredit:

Specific Experience: Minimum 2 and up to 4 contracts completed in the last 5 years related to information security audits.

Technical Standards: At least one audit based specifically on ISO/IEC 27001:2022 and experience in audits under ISO 31000 or DAFP methodologies.

Operational Capacity: Experience in organizations with more than 3,000 employees and presence in at least 10 regional headquarters.

Legality: Submit a letter of interest, current incorporation documents and, in the case of APCA, the documentation of each member.

Note: The specifications and terms of reference are available in the official language of the country.

Eligible countries

Argentina
Bahamas
Barbados
Belize
Bolivia
Brazil
Chile
Colombia
Costa Rica
Dominican Republic
Ecuador
El Salvador
Guatemala
Guyana
Haiti
Honduras
Jamaica
Mexico
Nicaragua
Panama
Paraguay
Peru
Suriname
Trinidad and Tobago
Uruguay
USA
Venezuela
You must be signed in order to apply for this opportunity.

Share with a friend

Because you viewed this announcement

Loading...

Other recommended content

Loading...

Other users also viewed

Loading...
Enter the e-mail you used when you registered for ConnectAmericas to create a new password