The Scope of work for the Consultancy shall comprise of:
i. Performing a Gap Assessment of TMRC’s existing infrastructure with respect to globally accepted cybersecurity standards and best practices:

• Review & Identify gaps with respect to Cyber Security/Resilience Framework (gaps assessment).
• Perform a comprehensive vulnerability assessment and penetration testing as part of gap analysis using standard tools.
• Discuss with management existing gaps in infrastructure, architecture, process and systems.
• Review the existing processes, procedures, and systems for their adequacy and efficiency.
• Identify gaps in TMRC’s Cyber threat detection mechanisms.
• Recommend controls required to mitigate the gaps.

ii. Creating an Assessment Report based on the gap analysis above including, but not limited to:

• An executive summary with objectives, scope, background, summary of findings, and recommendations
  Identification of TMRC’s cybersecurity maturity gaps.
• Recommendations for eliminating, or mitigating, security risks and increasing cybersecurity maturity levels.
• Summary of areas reviewed/examined along with the methodologies/procedures used.
• Recommendations on industry standards, security frameworks / best practices to mitigate and bridge the gaps.
• Current Maturity level of the organization and desired level of maturity.
• List of key initiatives/ Projects that must be undertaken to achieve the desired maturity level.
• Implementation roadmap of remediations to reach the target maturity.

iii. Develop a Policy and Process for cybersecurity

• Develop a policy and a process manual for cybersecurity for TMRC.
• Provide training to TMRC staff on cybersecurity.