OGP Cyber Risk Management – Contracting Opportunity
In 2011, government leaders and civil society advocates came together to create a unique partnership—one that combines these powerful forces to promote transparent, participatory, inclusive and accountable governance. The Open Government Partnership’s (OGP) founding mission and vision remain as powerful today as they were in 2011, and yet the context for our work has changed profoundly. OGP has grown into a mature partnership, with 78 national members, a growing number of local governments and thousands of civil society participants. Together they have co-created over 4000 open government reforms, of which a significant proportion have shown major impact. The OGP Support Unit has staff in 13 different countries, working together and supporting the community through technology. As OGP has been growing, the wider geopolitical context has been one of democratic backsliding, closing civic space and the rise of authoritarian and populist politics, including in OGP member countries.
OGP is increasingly dependent on IT infrastructure to carry out its activities, communicate, and store data. We see the need to minimize vulnerabilities related to technology by strengthening communication and information security and data protection as a long-term operational priority for OGP. To this end, OGP is seeking outside assistance from cybersecurity experts to:
- assess the extent to which OGP has the necessary infrastructure and resources to provide adequate protection; and
- from the results of the assessment, develop and support the implementation of recommendations to strengthen OGP’s cybersecurity strategy and implementation efforts.
Cybersecurity (IT security) is related to the protection of computer systems or networks from information disclosure, theft of or damage to hardware, software or data, as well as from the disruption of service. Protection related to targeted phishing or social media attacks against OGP staff is also an important consideration.
OGP anticipates offering a consultancy to a firm on a cost basis, with an anticipated start date of July 2021. After the initial assessment, there is a possibility of entering into a continuing relationship with the firm, both to implement changes based on recommendations made, and for ongoing IT services.
Services Needed, Expected Deliverables and Anticipated Timeframe
- August 2021: Complete review of OGP’s current cyber infrastructure (including policy framework, security infrastructure of third party providers and IT support provider, vulnerabilities of organizational IT and communication resources that could expose OGP to cyber risk, adequacy of preventative measures in place, including insurance protection, etc.) to assess areas of exposure and levels of risk for each area.
- September 2021:
- Report with recommendations to reduce organizational exposure to cyber risk, categorized by risk factor and prioritization of need.
- Internal FAQs for best practices to address common cyber risks and protective measures.
- October 2021:
- Collaboration in updating of OGP’s organizational policies regarding cyber risks.
- November 2021:
- Design staff training about cybersecurity as a risk mitigation effort
- Demonstrated expertise in assessing the IT infrastructure and risk exposure of international organizations of OGP’s size and profile.
- Demonstrated expertise in a broad category of IT services, ranging from assessing existing IT assets, knowledge of multiple means of managing IT risk (from internal guidelines to insurance to firewalls to use of third party platforms, etc).
- Ability to clearly articulate an approach to assessing OGP’s current IT risk status and make thoughtful and implementable recommendations about how to ensure that OGP is managing its IT risks to the best extent possible, given available resources.
- Ability to work flexibly across multiple timezones, regions and varying levels in quality of regional IT resources.
- Ability to communicate, in writing and verbally and describe IT issues to audiences without an in depth knowledge of IT structures and risks.
- Availability to engage in the IT assessment work between July and December 2021, with the goal of issuing a report of findings and recommendations in September 2021. As noted below, there is a potential for entering into a longer term relationship for ongoing IT services.
How To Apply
- Please submit your proposal that demonstrates fit for the assignment which should include a timeline for expected delivery, and an estimate of the total cost, to email@example.com. Please add “Cybersecurity Risk Management Proposal” to the subject of your email. The deadline to submit applications is June 25.
- Interested candidates may submit clarifying questions regarding this opportunity by June 15 to firstname.lastname@example.org prior to the application deadline. Please include “Cybersecurity Risk Management Consultancy” to the subject of your email. Responses to questions will be shared with all candidates by June 18.