Planned call for tenders details

Title:
Provision of Enterprise Risk Management Services
Contracting authority:
European Union Agency for Cybersecurity (ENISA)
Start date:
21/06/2022
Deadline for expressing interest:
04/07/2022
Status:
Closed
Information
ENISA/2022/LVP/0017-ExA
Provision of Enterprise Risk Management Services
Please note that this is not a call for tenders but a publication announcing the Contracting authority’s intention to publish a future negotiated low or middle value procedure.

ENISA is looking for a service provider that will support the Agency in its enterprise risk management activities, including IT security risk management, so that the Agency can reduce its overall risk and achieve its strategic objectives as set out in the ENISA Single Programming Document (SPD) 2021-2023 (https://www.enisa.europa.eu/publications/corporate-documents/enisa-single-programming-document-2021-2023/). The underlying premise of enterprise risk management is that every organizational entity exists to provide value to its stakeholders. The project consists of two charters, as described below:

1) Enterprise risk management

The enterprise risk assessment work will be based on ENISA’s existing enterprise risk management framework (based on the COSO methodology). This framework will be provided to the prospective contractor along with all the relevant details. The goal of this activity is to identify overall enterprise risks and how the risks are percolating in all the activities and areas of ENISA, and to provide adequate risk treatment plans. In the light of this effort the following tasks are foreseen:

- defining risk rating criteria
- establishing the risk appetite of the internal entities
- conducting a comprehensive risk assessment that includes the key areas and activities of the organization, by interviews with relevant stakeholders / surveys / workshops
- assisting the Agency in developing adequate risk classification that will provide a common understanding throughout the Agency
- populating the specific risk registers
- providing guidance on mitigation strategies
- mapping controls to specific risks

The final deliverables will be:

- Enterprise risk assessment report and risk treatment plan 2022
- Updated enterprise risk assessment framework (on the basis of findings during the risk assessment process)

2) IT security risk management

The IT security risk assessment work will be based on ENISA’s existing risk management framework (ISO27001 as a reference), which the prospective contractor will further formalise and enhance on the basis of ENISA’s IT strategic framework, relevant IT security assessments and policies, and additional requirements (e.g. legal or regulatory) in the field. All relevant material will be provided by ENISA to the prospective contractor. The goal of this activity is to enhance the Agency’s IT security risk management framework, as well as to identify specific IT security risks and how the risks are percolating in all the activities and areas of ENISA, and to provide adequate risk treatment plans. The same tasks as those under Enterprise risk management are foreseen for this charter, adjusted accordingly to the field of IT security.

The final deliverables will be:

- ENISA updated IT security risk assessment framework
- IT security risk assessment report and risk treatment plan 2022
Services
Planned negotiated procedure for middle/low value contracts
Closed
Not validated
Best price-quality ratio
73000000
Conditions for participation
This tender procedure is accessible for EU/EEA countries only.
Milestones
21/06/2022 00:00
04/07/2022 23:59
05/07/2022
Lots: The call for tenders does not contain any lots.
Notices: Nothing found to display.