Notice for the Publication of the Call for Applications
The Kosovo Insurance Bureau (KIB) announces the
publication of a Call for Applications from qualified economic operators
for the provision of penetration testing services on its information
technology systems and infrastructure.
The purpose of this activity is to assess the security
level of KIB’s systems, applications, and network, in order to identify
and mitigate potential vulnerabilities, in compliance with international
cybersecurity standards and the regulatory requirements of the Central
Bank of the Republic of Kosovo.
Eligibility Criteria for Economic Operators
Interested economic operators must meet the following
minimum criteria:
- Professional Experience: Must have proven experience in conducting penetration testing projects for financial institutions, public entities, or other organizations with similar security requirements within the last three (3) years.
- Previous References: Must provide at least five (5) verifiable references for similar completed projects, including the client’s name, date of completion, and a description of the services provided.
- Professional Certifications: Must have staff certified in relevant cybersecurity fields with internationally recognized certifications such as:
  - OSCP (Offensive Security Certified Professional)
  - CEH (Certified Ethical Hacker)
  - GPEN (GIAC Penetration Tester)
  - or other globally accepted equivalents.
- Work Methodology: Must present the methodology to be used during testing, in alignment with OWASP, NIST SP 800-115, or ISO/IEC 27001/27002 standards.
- Independence and Confidentiality: Must guarantee full independence in performing the testing and maintain the confidentiality of all information handled during the process.
- Licensing and Legal Registration: Must be a legally registered company in the Republic of Kosovo or an EU member state, authorized to operate in the field of information security.
Required Technical and Professional Capabilities
The economic operator must demonstrate compliance with the
following minimum technical and professional capability requirements:
- References: Must have completed at least three (3) verified penetration testing projects, evidenced through service lists and confirmations of completed tests.
- Technical Team: Must have a penetration testing team of at least three (3) members, including:
  - One (1) Senior Penetration Tester with at least 5 years of relevant experience and a minimum of 2 professional certifications in computer security or penetration testing (including at least one certification as Cyber Security Manager);
  - One (1) Penetration Tester with at least 2 professional cybersecurity certifications;
  - One (1) Penetration Tester with at least 1 expert-level certification in web application testing (e.g., OSWE – Offensive Security Web Expert);
  - Each penetration testing engineer must hold at least one certification in cybersecurity or penetration testing (from EC-Council, CompTIA, SANS, OffSec, eLearnSecurity, Google, etc.).
- Supporting Documentation: Operators must submit:
  - Copies of valid technical staff certifications;
  - Copies of employment or project engagement contracts;
  - A description of the personnel assigned to the project and their respective roles.

A single person may not cover more than one role within the team and must be part of the team throughout the testing period.

- Exclusion from Participation: Companies that have implemented IT solutions for, or currently provide IT maintenance services to, the Kosovo Insurance Bureau are not eligible to participate in this activity.
Application Deadline and Submission Method
Interested economic operators may apply no later than
October 30, 2025, in accordance with the instructions and full
documentation published on the official KIB website:
🔗 https://bks-ks.org
For additional information, please contact us via the
official email address:
📧 [email protected]