TERMS OF REFERENCE
CONSULTANT FOR THE DEVELOPMENT OF AN INTEGRATED MANAGEMENT SYSTEM
COMPLIANT AND CERTIFIABLE TO ISO 9001:2015 and ISO/IEC 27001

BACKGROUND

In line with the Philippine government’s program to promote efficiency and responsiveness, public sector organizations are urged to enhance operations and delivery of services in order to gain trust and confidence from the public.

Executive Order (E.O.) No. 605, "Institutionalizing the Structure, Mechanisms and Standards to Implement the Government Quality Management Program, Amending for the Purpose Administrative Order No. 161, S. 2006," directs all departments and agencies of the Executive Branch, including all government-owned and controlled corporations (GOCCs), government financial institutions (GFIs), and national line agencies (NLAs), to adopt the ISO 9001 Quality Management Systems (QMS) as part of the implementation of the Government-wide Quality Management Program (GQMP). The E.O. was issued to effect actual improvements in public service.

The Home Guaranty Corporation (HGC), as one of the key shelter agencies in the Philippines that serves as an enabler or facilitator in assisting the Filipino people to have their own homes through its system of guaranty, recognizes the need to enhance its efficiency and responsiveness through institutionalization of a QMS certifiable to the latest ISO QMS (9001:2015) and an ISMS certifiable to ISO/IEC 27001.

The development of an Integrated Management System Compliant and Certifiable to ISO 9001:2015 and ISO/IEC 27001 will greatly enhance the operations of HGC in the fulfillment of its mandate.

I. OBJECTIVE

The primary objective of the project is to hire the services of a consultant to develop an Integrated Quality and Information Security Management System (QISMS) certifiable to ISO 9001 and ISO/IEC 27001. The QISMS will be the basis in managing and protecting HGC’s information assets more effectively, efficiently and economically, and satisfying customers through excellent service provisioning.

The role of the consultant throughout the project is to provide and transfer expert knowledge of Quality and Information Security Management System (QISMS) covering its development and implementation. This will be achieved through trainings, workshops, guidance in reviewing the developed policies and necessary documents, review of risk management activities, guidance in implementing the QISMS, and the conduct of pre-certification audit.

Specifically, the Consultant will ensure that HGC is able to:

  1. Establish baselines to use as anchors in assessing progress of QISMS development and implementation;
  2. Prepare the required documentation (policies, manuals, documented procedures, work instructions, records) for the efficient and effective operation of QISMS and for certification;
  3. Design the QISMS in the most effective, economic and timely manner with all the relevant considerations and constraints taken into account;
  4. Develop or enhance an organizational structure to support the objectives of QISMS;
  5. Define a method of managing risks where threats are identified and risks are mitigated;
  6. Implement the QISMS policies and procedures and monitor these for effectiveness;
  7. Develop strategies and actions to correct lapses and prevent potential lapses in the implementation of the QISMS;
  8. Develop competences in conducting Internal Audits; and
  9. Provide support during the certification audit and in developing strategies and actions to address non-conformances and observations.

II. SCOPE OF WORK/DESCRIPTION OF THE PROJECT

The consultant shall be engaged to perform tasks specific to the Project entitled: Development of an Integrated Management System Compliant and Certifiable to ISO 9001:2015 and ISO/IEC 27001.

The development of the quality and information security management system (QISMS) shall be for the agreed scope below:

  1. QMS Scope Expansion
    Legal Group; Asset Management and Disposition Group; Corporate Services Group; and support services (including Billing and Collection). The expansion will be in alignment with the existing quality management system and ISO 9001:2015 standards.
  2. ISMS Development
    Operations of HGC Management Information Systems Department (MISD) to include system development and maintenance and security monitoring.
  3. Integration Efforts
    Both QMS and ISMS will be integrated into a QISMS.

III. OBLIGATIONS OF THE CONSULTANT

  1. Organize a team who will conduct the project within the agreed time frame;
  2. Prepare the program and course designs for all the training and workshop activities;
  3. Provide one (1) set of training materials in soft copy (PDF or MS Office format) for each course to be conducted at least one (1) week prior to the actual training;
  4. Provide resource persons/technical experts to conduct the training courses;
  5. Provide certificates of participation or completion for qualified participants of training courses conducted;
  6. Review the draft Quality Manual, Quality Policy, Quality Procedures, and Standard Operational Instructions, and recommend necessary revisions to ensure alignment of these documents with ISO 9001:2015 standards;
  7. Provide technical assistance and guidance to the HGC’s counterpart team in establishing and implementing the Quality Management System until ISO 9001:2008 and ISO/IEC 27001 certifiable level; and
  8. Consultant shall perform the necessary tasks at NO ADDITIONAL COST to the HGC up until the passing of the certification audit.

IV. OBLIGATIONS OF THE HGC

  1. Designate a counterpart team who shall work closely with the Consultant regarding technical and administrative requirements of the project;
  2. Provide logistical requirements for the training and workshop sessions. These shall include training venue, accommodation (when necessary), equipment (projector with laptop), supplies, training materials, and meals for participants and resource persons;
  3. Ensure timely implementation of relevant project activities and provide policy support for the implementation of quality systems and procedures adopted by HGC; and
  4. Ensure availability and participation of concerned participants during conduct of training courses and other activities necessary for the implementation of the project.

V. MINIMUM QUALIFICATIONS OF THE CONSULTANT

The Consultant must have a proven track record in assisting companies develop, implement and get certification for ISO 9001 and ISO/IEC 27001 management systems.

The Lead Consultant must have at least ten (10) years professional experience in developing and implementing management systems with competencies in enterprise risk management (ERM), business continuity management (BCM) and information security management. Further, the Lead Consultant must be Certified and Affiliated with the International Register of Certificated Auditors (IRCA) Information Systems Audit and Control Association (ISACA).

VI. CRITERIA FOR EVALUATION/SELECTION

HGC shall select the most qualified ISO Trainor and Documentation Consultant using the quality cost-based methodology pursuant to the pertinent provisions of R.A. No. 9184. The 70% - 30% quality to cost ratio shall be used for this purpose and shall be allocated as follows:

Criteria                                          Percentage
A. Technical Proposal                             70%
   1. Quality of Personnel to be Assigned         30%
   2. Firm Experience & Capability                30%
   3. Plan of Approach & Methodology              40%
B. Cost Proposal                                  30%
Total                                             100%

VII. APPROVED BUDGET FOR THE CONTRACT (ABC)

For and in consideration of the services of the consultant, the HGC shall pay the sum of FOUR HUNDRED NINETY EIGHT THOUSAND PESOS (P498,000.00), inclusive of the 12% VAT, payable as follows:

Activity/Expected Output                                                                    Amount (P)
Upon submission of Inception Report                                                         83,000.00
Upon completion of training on ISO 9001:2015 and 27001 QMS requirements and documentation   83,000.00
Upon submission of draft QISMS Quality Manual, Quality Procedures, Information and security policies, Risk management and Standard Operational Instructions for All HGC Processes   83,000.00
Upon completion of Technical Guidance on QMS Implementation, Business Continuity Plan       83,000.00
Upon completion of Training on Internal Quality Audit                                       83,000.00
Upon completion of Final Gap Assessment and Management Review; Stage 1 and Stage 2 Audit Guidance; and Corrective action and continual improvement planning   83,000.00
Total                                                                                       498,000.00

 

CORAZON G. CORPUZ
Vice-Chairperson
Bids and Awards Committee