Info om planlagte udbud

Titel:
Provision of Enterprise Risk Management Services
Ordregivende myndighed:
European Union Agency for Cybersecurity (ENISA)
Startdato:
21/06/2022
Frist for at tilkendegive interesse:
04/07/2022
Status:
Lukket
Information
ENISA/2022/LVP/0017-ExA
Provision of Enterprise Risk Management Services
Please note that this is not a call for tenders but a publication announcing the Contracting authority’s intention to publish a future negotiated low or middle valueprocedure.

ENISA is looking for a service provider that will support the Agency in its enterprise risk management activities, including IT security risk management, in order for the Agency to reduce the overall risk and to achieve its strategic objectives as they are set in the ENISA Single Programming Document (SPD) 2021-2023 (https://www.enisa.europa.eu/publications/corporate-documents/enisa-single-programming-document-2021-2023/). The underlying premise of enterprise risk management is that every organizational entity exists to provide value to its stakeholders. The project consists of two charters as described below: 1) Enterprise risk management The enterprise risk assessment work will be based on an existing ENISA’s enterprise risk management framework (based on the COSO methodology). This framework will be provided to the prospective contractor along with all the relevant details. The goal of this activity is to identify overall enterprise risks and how the risks are percolating in all the activities and areas of ENISA and provide adequate risk treatment plans. In the light of this effort the following tasks are foreseen: - defining risk rating criteria - establish the risk appetite of the internal entities. - conduct comprehensive risk assessment that include the key areas and activities of the organization by interviews with relevant stakeholders / surveys/workshops. - assist the Agency in developing adequate risk classification that will provide a common understanding throughout the Agency. - populating the specific risk registers. - providing guidance on mitigation strategies. - map controls to specific risks. The final deliverables will be: - Enterprise risk assessment report and risk treatment plan 2022 - Updated enterprise risk assessment framework (on the basis of findings during the risk assessment process) 2) IT security risk management The IT security risk assessment work will be based on an existing ENISA’s risk management framework (ISO27001 as a reference), which the prospective contractor will further formalise and enhance on the basis of ENISA’s IT strategic framework, relevant IT security assessments and policies and additional requirement (e.g. legal or regulatory) in the field. All relevant material will be provided by ENISA to the prospective contractor. The goal of this activity is to enhance the Agency’s IT security risk management framework, as well as to identify specific IT security risks and how the risks are percolating in all the activities and areas of ENISA and provide adequate risk treatment plans. The same tasks, as those under Enterprise risk management, are foreseen for this Charter, accordingly adjusted to the field of IT security. The final deliverables will be: - ENISA updated IT security risk assessment framework - IT security risk assessment report and risk treatment plan 2022
Tjenesteydelser
Planlagt procedure med forhandling vedrørende kontrakter af mellemstor og lav værdi
Lukket
Ikke aktiveret
Bedste forhold mellem pris og kvalitet
73000000
Vilkår for deltagelse
This tender procedure is accessible for EU/EEA countries only.
Tidslinje
21/06/2022 00:00
04/07/2022 23:59
05/07/2022
Partier Udbuddet er ikke inddelt i partier
Bekendtgørelser Nothing found to display.