Consulting, design and implementation of identity and role governance in PETDs to support OSI functions
Start date
Closing date
Country
Colombia
Sector
Technology
Project
CO-L1245Important Notice
This action will open an external link.
Description
Colombia, through the Directorate of National Taxes and Customs (DIAN), has financing from the Inter-American Development Bank (IDB) for the "Program to Support the Modernization of the Directorate of National Taxes and Customs". This call invites eligible consulting firms to submit their expressions of interest for the adoption of a comprehensive digital security model.
Scope of the consultancy
Main objective: To carry out the diagnosis, design, formalization and methodological support for the adoption of the Operational Model of Identity and Access Governance (IAM) of the DIAN.
Key components: The service includes the mining or archaeology of roles, definition of the catalog of business roles, formalization of technical/regulatory guidelines and the transfer of knowledge for strategic digital transformation projects.
Role limits: The consultant will have an exclusively technical, methodological and consultative role for the Office of Information Security (OSI). It will not assume functions of contractual supervision, auditing, administration of platforms or direct configuration of technological tools.
Reference budget: The estimated value of the contract is $2,251,118,617 COP (including VAT, direct and indirect costs, fees and contributions).
Duration: The estimated time frame for the implementation of the activities is 10 months.
Project phases
The consultancy will be formally structured in four consecutive stages:
Phase I (Diagnosis and Archaeology of Roles - As-Is): Analysis of the current status of permits, identification of gaps and initial characterization of profiles.
Phase II (Operating Model Design - To-Be): Definition of the IAM target model, role catalog, segregation of duties (SoD) rules, and roadmap.
Phase III (Regulatory Formalization and Transfer): Documentation of the model, alignment with OSI instruments and training of internal teams.
Phase IV (Technical Accompaniment): Technical-conceptual monitoring of the adoption of the model and its alignment with the institutional technological solution.
Qualification and Experience Requirements
Interested firms must accredit operational capabilities through contracts fully executed and finalized within the last seven (7) years, complying with the following conditions:
Number of contracts: Submit a minimum of three (3) and a maximum of six (6) contracts that demonstrate experience in at least two (2) of the following specialty lines:
Identity governance, IAM, access control, privilege management, and secure access mechanisms.
Information security, cybersecurity, technological governance models under frameworks such as ISO/IEC 27001 or NIST CSF (As-Is / To-Be analysis).
Management of access matrices, assignment rules, segregation of duties (SoD) and user lifecycle (Joiner, Mover, Leaver).
Design and updating of digital security policies, procedures, manuals and technical guides.
Access auditing, control panels, change management and knowledge transfer in cybersecurity.
Rules of legal validity:
The experience executed directly by the applicant firm will be evaluated.
If the offeror is a branch, the experience of its parent company will be validated.
If the offeror is a subsidiary, the experience of the parent company will not be accepted.
In the case of associations (APCA), the experience of the members will be added according to the rules of the process.
Process conditions
Selection mechanism: The process will be conducted under the IDB's Consulting Policies to form a short list of a minimum of five (5) and a maximum of eight (8) eligible companies.
Delivery method: Expressions of interest must be sent in writing in physical format to the official address determined by the entity. For this process, proposals by electronic means will not be allowed.
Note: Consultation documents and supplementary specifications are available in the official language of the country.
Follow Us