Consultancy Services for Implementation of ISO/IEC 27001:2022 Assessment, IT Policy Review and Audit

The Private Power & Infrastructure Board (PPIB) in Islamabad Capital Territory is procuring consultancy services for the implementation of ISO/IEC 27001:2022 Information Security Management System (ISMS) and IT policy review and audit. This assignment involves a comprehensive gap analysis of PPIB's existing information security framework, design and implementation of an ISMS compliant with ISO/IEC 27001:2022, development of mandatory policies and documentation, training and knowledge transfer, internal audit and readiness assessment, and certification support including coordination with an accredited certification body. The scope covers all departments, processes, personnel, IT infrastructure, and business functions at PPIB's offices in Islamabad. The consultant must provide detailed deliverables such as gap analysis reports, risk assessment and treatment plans, ISMS framework, policies, training materials, internal audit reports, and certification coordination documents. The consultancy firm must have proven experience in ISO/IEC 27001 implementation, be a PTA approved Category-I Cyber Security audit firm, and have completed at least four similar projects in Pakistan including government or banking sectors. Bidders must be registered on EPADS v2.0 and submit proposals online by the deadline of Tuesday, June 30, 2026 at 12:00 PM. The submission must include a bid security or bid securing declaration as per the instructions. The technical and financial proposals will be evaluated using Quality and Cost Based Selection (QCBS) method. Manual submissions are not accepted. The bid opening will be conducted on the same day at 12:30 PM via EPADS v2.0. A practical tip for bidders is to ensure timely registration on EPADS v2.0 and carefully prepare the technical proposal addressing all eligibility criteria including PEC category, FBR/ATL registration, and documentary evidence of prior ISO/IEC 27001 consultancy assignments. Early submission and compliance with bid security requirements will avoid disqualification. The consultancy services are critical for strengthening PPIB's information security governance and achieving international certification standards.