Informatsioon

Pakkumise viitenumber	ENISA/2022/LVP/0017-ExA
Pealkiri	Provision of Enterprise Risk Management Services
Kirjeldus	Please note that this is not a call for tenders but a publication announcing the Contracting authority’s intention to publish a future negotiated low or middle valueprocedure. ENISA is looking for a service provider that will support the Agency in its enterprise risk management activities, including IT security risk management, in order for the Agency to reduce the overall risk and to achieve its strategic objectives as they are set in the ENISA Single Programming Document (SPD) 2021-2023 (https://www.enisa.europa.eu/publications/corporate-documents/enisa-single-programming-document-2021-2023/). The underlying premise of enterprise risk management is that every organizational entity exists to provide value to its stakeholders. The project consists of two charters as described below: 1) Enterprise risk management The enterprise risk assessment work will be based on an existing ENISA’s enterprise risk management framework (based on the COSO methodology). This framework will be provided to the prospective contractor along with all the relevant details. The goal of this activity is to identify overall enterprise risks and how the risks are percolating in all the activities and areas of ENISA and provide adequate risk treatment plans. In the light of this effort the following tasks are foreseen: - defining risk rating criteria - establish the risk appetite of the internal entities. - conduct comprehensive risk assessment that include the key areas and activities of the organization by interviews with relevant stakeholders / surveys/workshops. - assist the Agency in developing adequate risk classification that will provide a common understanding throughout the Agency. - populating the specific risk registers. - providing guidance on mitigation strategies. - map controls to specific risks. The final deliverables will be: - Enterprise risk assessment report and risk treatment plan 2022 - Updated enterprise risk assessment framework (on the basis of findings during the risk assessment process) 2) IT security risk management The IT security risk assessment work will be based on an existing ENISA’s risk management framework (ISO27001 as a reference), which the prospective contractor will further formalise and enhance on the basis of ENISA’s IT strategic framework, relevant IT security assessments and policies and additional requirement (e.g. legal or regulatory) in the field. All relevant material will be provided by ENISA to the prospective contractor. The goal of this activity is to enhance the Agency’s IT security risk management framework, as well as to identify specific IT security risks and how the risks are percolating in all the activities and areas of ENISA and provide adequate risk treatment plans. The same tasks, as those under Enterprise risk management, are foreseen for this Charter, accordingly adjusted to the field of IT security. The final deliverables will be: - ENISA updated IT security risk assessment framework - IT security risk assessment report and risk treatment plan 2022
Lepingu liik	Teenused
Menetluse liik	Kavandatav läbirääkimistega menetlus: keskmise/väikese maksumusega lepingud
Olek	Suletud
TEDis avaldatud
Valikumeetod	Parim hinna ja kvaliteedi suhe
Main CPV	73000000

Osalemistingimused

Juurdepääs hankele	This tender procedure is accessible for EU/EEA countries only.

Tähised

Alguskuupäev	21/06/2022 00:00
Küsimise tähtaeg	N/A
Vastuse tähtaeg	N/A
Osalemise huvist teatamise tähtaeg	04/07/2022 23:59
Indikatiivne avaldamise kuupäev	05/07/2022

Osad

Pakkumiskutsel puuduvad osad.

Teated

Nothing found to display.