Network Design Review with Virtual Private Network (VPN) Solution for National Reserve Bank of Tonga (NRBT)
 
1. Background
The NRBT is planning to implement a new network infrastructure to support its operations, including a proposed VPN solution for secure remote access and site-to-site connectivity. A preliminary network design has been developed, and an expert review is required to ensure the design meets technical standards, operational requirements, and best practices. As a central bank with critical national importance, the NRBT’s network infrastructure must adhere to the highest standards of security, reliability, and compliance with financial sector regulations and standards.
 
2. Objective
To conduct a comprehensive review of the proposed network design including VPN solution, and provide recommendations to optimize performance, security, scalability, and cost-effectiveness with particular emphasis on implementing robust security controls appropriate for a central banking environment.
 
3. Scope of Work
The consultant will:

General Network Infrastructure Review:

  1. Review all provided network design documents, including diagrams, specifications, and related technical materials.
  2. Assess the design for compliance with relevant industry standards (including ISO 27001, NIST Cybersecurity Framework, SWIFT Customer Security Programme where applicable), financial sector security frameworks, and organizational      requirements.
  3. Evaluate the design’s scalability, reliability, security, maintainability and performance.
  4. Conduct a comprehensive security analysis including:
    • Network segmentation assessment and zone-based security design.
    • Defense-in-depth strategy evaluation.
    • Threat modeling specific to central banking operations.
    • Analysis of data protection measures for sensitive financial information.
    • Review of access control mechanisms and privilege management.
    • Evaluation of encryption implementation.
    • Assessment of network monitoring and incident response capabilities.
    • Review of backup and disaster recovery network segregation.
  5. Identify any potential risks, gaps, or inefficiencies in the design.
  6. Provide practical recommendations for improvements or alternatives.
  7. Recommending appropriate hardware, software and network management tools.
  8. Prepare a detailed report summarizing findings, conclusions, and recommendations.
VPN Solution Assessment:
  1. Review proposed VPN architecture (site-to-site) and remote access configurations).
  2. Evaluate VPN security protocols, encryption standards, and key management.
  3. Assess authentication mechanisms, multi-factor authentication implementation, and certificate management.
  4. Review VPN capacity, redundancy, and failover capabilities.
  5. Analyze split-tunneling policies, access controls, and endpoint security requirements.
  6. Evaluate VPN integration with existing security infrastructure (firewalls, IDS/IPS).

Reporting:

  1. Prepare a detailed report summarizing findings, conclusions, and recommendations.
  2. Present findings to the project team and key stakeholders.

4. Deliverables
A comprehensive written review report including:

  1. Executive summary
  2. Detailed assessment of the network design.
  3. VPN solution and evaluation.
  4. Security analysis and risk assessment.
  5. Identified issues, gaps and vulnerabilities.
  6. Prioritized recommendations for improvements.
  7. Implementation roadmap (high level).
    • PowerPoint presentation of findings to the project team and executive management.
    • Final consultation session to address questions and clarify recommendations.

5. Duration.
The assignment is expected to be completed within 3 - 4 weeks from the date of contract signing, with the following milestones:

  1. Week 1 – 2 document review and analysis.
  2. Week 3 – Report preparation.
  3. Week 4 - Final report delivery and presentation.

6. Consultant Qualifications.
Required:

  • Minimum 7 – 10 years of proven experience in enterprise network design and architecture.
  • Demonstrate expertise with enterprise network technologies including next generation firewalls, VLANs, VPNs, routing protocols, and wireless systems.
  • Experience in reviewing and auditing network designs for financial institutions, government agencies, or organizations of similar size and complexity.
  • Knowledge of current networking technologies, protocols, and cybersecurity best practices.
  • Strong analytical, problem-solving, and technical reporting skills.
  • Experience with financial sector security frameworks and compliance requirements.

Preferred:

  • Relevant professional certifications (CCIE, CISSP, CNNP Security, CISA, or equivalent)
  • Previous experience working with central banks or financial regulatory institutions
  • Familiarity with SWIFT network security requirements
  • Knowledge of regulatory compliance in the financial service sector.

7. Confidentiality and Security
The consultant will be required to:

  • Sign a Non-Disclosure Agreement (NDA) prior to contract commencement.
  • Handle all NRBT documents, data and information with strict confidentiality.
  • Return or securely destroy all confidential materials upon completion of the assignment.
  • Comply with NRBT’s security policies and procedures during the engagement.

8. Reporting and Coordination
The consultant will report to Mrs. Kasaline Lolohea, Assistant Governor Operations, who will provide access to all necessary documents, coordinate meetings with technical staff, and facilitate stakeholder engagement as needed.

9. Budget
Interested consultants should provide a detailed fee proposal including:

  • Professional fees (daily/weekly rate or lump sum).
  • Any anticipated expenses (if applicable)
  • Payment methods.

10. Submission Requirements
Interested consultants should submit:

  • Cover letter expressing interest.
  • Detailed CV/resume highlighting relevant experience.
  • Proposed methodology and work plan.
  • Fee proposal.
  • Contact details for at least three (3) professional references from similar engagements.
  • Copies of relevant certifications.

Submission Deadline: 6th March 2026.

Submit to: [ This email address is being protected from spambots. You need JavaScript enabled to view it. or This email address is being protected from spambots. You need JavaScript enabled to view it. ]

11. Evaluation Criteria
Proposals will be evaluated based on:

  • Relevant experience and qualification (40%).
  • Proposed methodology and approach (30%).
  • Cost competitiveness (20%).
  • References and past performance (10%).

 

For more information
National Reserve Bank of Tonga
Telephone: (676) 24-057, (676) 27948
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Website: www.reservebank.to