FINISHED: Consultant Request for Digital Security Audit and Consulting

Date of holding: 2023-11-10 00:00
The deadline for submitting documents: 2023-11-10 00:00

A. Introduction

Pact is an international development nonprofit that works on the ground in nearly 40 countries to end poverty and marginalization. We partner with local organizations, businesses, and governments to build lasting solutions for thriving, resilient communities. Our vision is a world where everyone owns their future. Pact has worked in Ukraine since 2006 in the areas of governance, capacity development, and health. Building on a decade of experience, we address key challenges facing civil society organizations in Ukraine.

This Consultant request (CR) is a part of the Activity to Enhance Non-Governmental Actors and Grassroots Engagement (ENGAGE). The purpose of ENGAGE is to increase citizen awareness of and engagement in civic activities at the national, subnational, and local level.

The issue of digital security has long been a matter of importance within the civil society sector in Ukraine. However, this concern has taken on even greater significance with the start of the full-scale Russian invasion. Recent findings from the Digital Security Lab reveal a dramatic increase in cyber-attacks targeting civil society organizations, with a notable shift in the nature of these attacks compared to pre-February 2022 incidents. Specifically, there has been a rise in attempts to compromise digital security in online platforms and social media channels. A digital security assessment of CSOs conducted by ENGAGE shows that ENGAGE’s partners have also suffered from attempted breaches of cyber- and digital security both before and after the beginning of Russia’s full-scale war against Ukraine.

The goal of this CR is to hire a Ukrainian consultant to conduct digital security audits and provide digital security consultancy for 30 institutional partner CSOs.

B. Scope of Work

ENGAGE’s institutional partner CSOs play a vital role in promoting democracy, human rights, social justice, and Eurointegration in Ukraine. Safeguarding their digital security is essential for maintaining their independence, strengthening their resilience, and effectively driving reforms in Ukraine. ENGAGE’s assessment indicates CSOs’ need and intention to improve current digital security practices and solutions through conducting security audits.

Responding to the identified need, Pact/ENGAGE aims to enhance the organizational capacity of partner CSOs through increasing the level of their digital security. ENGAGE plans to provide 30 institutional partner CSOs with professional services, including digital security audits and subsequent consultancy, to address their weaknesses identified during the conducted audits and support the CSOs in strengthening their digital security practices.

Expected Results:

  • CSOs’ organizational capacity in the area of digital security improved;
  • CSOs ensure that digital security risks are addressed;
  • CSOs institutionalized digital security measures on the organizational level.

Purpose: to enhance the organizational capacity of ENGAGE institutional partner CSOs in digital security by assessing their internal capabilities, identifying areas for improvement, and providing actionable advice on strengthening security practices.

Objectives:

  • to assess institutional partner CSOs’ digital infrastructure, systems, and processes and identify vulnerabilities, weaknesses, and gaps in the overall security posture;
  • to identify areas for improvement and guide the implementation of necessary measures to protect against digital threats and enhance overall security;
  • to support institutional partner CSOs in addressing identified weaknesses and strengthening their digital security practices by providing professional consulting services.

Duties and Responsibilities:

To achieve the abovementioned objectives, the tender is divided into two lots. Prospective consultants can submit a proposal for one of the selected lots, or for both lots at the same time.

 

LOT 1. Conduct digital security audit for 30 core partner CSOs.

Task 1: To develop an outline of the approach to the digital security audit for 30 ENGAGE institutional partner CSOs.

Task 2: To prepare a digital security checklist taking into account the types of digital citizen engagement tools that the CSOs are using.

Task 3: To conduct digital security audits for 30 institutional partner CSOs.

Task 4: To develop context-specific action plans for emergency cases of perceived breaches of digital security and day-to-day maintenance of digital security. These action plans should adhere to internal organizational regulation and relevant external regulation.

Task 5: To prepare a general final report on digital security for CSOs and individual reports for each CSO (in English and Ukrainian). The individual reports should provide detailed findings and recommendations specific to each CSO, along with context-specific action plans, and establish baselines for the next security audits. The general final report should include the general results, key takeaways, and recommendations for the further development of digital security of CSOs.

The digital security audits should be designed and conducted from the point of view of the CSOs’ context-specific situations, target audiences, locations, and digital citizen engagement tools, which influence the current security practices and the ways they can be expected to develop in the future. The selected consultant(s) can expect to work in close partnership with the CSOs and Pact/ENGAGE.

LOT 2. Provide 30 institutional partner CSOs with professional consultancy services on digital security development.

Task 1: To prepare a comprehensive digital security consultation framework for 30 institutional partner CSOs, which includes the methodology and timeline for the consultancy services. The consultant is expected to conduct at least three individual sessions per CSO partner. The final framework should be based on the individual CSOs’ action plans received after the digital security audit.

Task 2: To provide digital security consultancy services to 30 core partner CSOs. The digital security consultancy services should help CSOs to implement their individual action plans and cover, but not be limited to, the following aspects:

  • assist in the development of policies, procedures, and guidelines related to digital security;
  • offer recommendations for appropriate tools, technologies, and software solutions to enhance digital security;
  • provide feedback and suggestions for improvement based on emerging threats and evolving best practices.

The contractor should maintain accurate and up-to-date documentation of the consultancy process and track the partner’s digital security advancements.

Task 3: To prepare a comprehensive report on the digital security consultation, which includes an overview of the consultancy services delivered and the results achieved for each CSO, lessons learned, common challenges identified, as well as further recommendations for enhancing digital security among partner CSOs.

Deliverables:

Under LOT 1:

  • Final concept of digital security audits for 30 ENGAGE institutional partner CSOs.
  • Digital security check-lists for 30 ENGAGE institutional partner CSOs.
  • Digital security audits for 30 ENGAGE institutional partner CSOs conducted.
  • Context-specific action plans for emergency cases of perceived breaches of digital security and day-to-day maintenance of digital security for 30 ENGAGE institutional partner CSOs.
  • General final report on digital security for CSOs and individual reports for 30 ENGAGE institutional partner CSOs (in English and Ukrainian).

Under LOT 2:

  • Final concept of digital security consultation for 30 ENGAGE institutional partner CSOs;
  • Consulting sessions for 30 ENGAGE institutional partner CSOs conducted;
  • Report on the digital security consultation (in English and Ukrainian).

Place of Performance: All services required under this solicitation will be performed in Ukraine.

Period of Performance: All services required under this solicitation will be delivered from November 15, 2023 – April 30, 2024.

Expected Level of Effort: Estimated Level of Effort is 128 consulting days (under Lot 1) and 55 consulting days (under Lot 2). Within the timeline, all deadlines and due dates can be negotiated if strong arguments are laid out in the proposal.

C. Qualifications

  • Excellent knowledge of the current cyber- and digital security environment in Ukraine, especially in the context of Russia’s full-scale war against Ukraine and its hybrid and cyber aspects.
  • Excellence in the fields of cyber security solutions, digital security and ‘tech-for-good’ (at least 5 years of previous experience).
  • Proven record of supporting Ukrainian CSOs through tech solutions.
  • Proven experience in conducting security audits, especially with CSOs.
  • Excellent writing and presentation skills, especially for purposes of reporting.
  • Fluency in English is preferable.

 

D. Eligibility

All proposals which fail to comply with the basic minimum requirements outlined in the solicitation shall be eliminated. See Sections C and E.

E. Application Instructions

Proposals must be submitted electronically to kbondar@pactworld.org no later than 17:00 on November 10, 2023 (Kyiv time). The subject line should contain: “Proposal under Consultant Request P4767-2023-19.”

Documentation required for application:

  • Resume/CV. A short profile of an applicant featuring expertise and experience relative to the goals and objectives of this Consultant Request.
  • Resume of the consultant, or of all experts engaged in the implementation of the task if more than one person is involved.
  • Technical Proposal: A general outline of digital security audits and description of the consulting support provision for CSOs (which later, in case of the applicant’s selection, will be revised for the cases of the 30 partner CSOs based on their existing cyber- and digital security practices and the types of digital citizen engagement tools they are using).
  • Financial proposal (budget) in Excel file (in UAH currency). Clearly stated LOE with a requested rate per each Deliverable for consultants and per day.

Questions: All questions or clarifications regarding this Consultant Request must be in writing and submitted to kbondar@pactworld.org no later than 17:00 on November 6, 2023 (Kyiv time). The subject line should contain: “Questions to Consultant Request P4767-2023-19.” Questions and requests for clarification, and the responses thereto, will be circulated to all Consultant Request recipients who indicate an interest in this Consultant Request.

F. Evaluation Criteria

Pact will evaluate applicants using the following criteria (100 points in total):

  • Qualifications (Expertise of an applicant and ability to perform tasks outlined in this Consultant Request) – 40 points
  • Technical Proposal (Comprehensiveness, consistency, relevancy of the suggested concept of cyber- and digital security audits) – 30 points
  • Financial Proposal (Cost-effectiveness) – 30 points.

G. Terms and Conditions

Disclaimers:

  • Pact reserves the right to modify by written notice the terms of this solicitation at any time in its sole discretion. Pact may cancel the solicitation at any time.
  • Pact may reject any or all proposals received.
  • Issuance of solicitation does not constitute award commitment by Pact.
  • Pact reserves the right to disqualify any quotation based on applicant’s failure to follow solicitation instructions.
  • Pact will not compensate applicants for their response to the solicitation.
  • Pact reserves the right to issue an award based on initial evaluation of applications without further discussion.
  • Pact may choose to award only part of the scope of work in the solicitation or to issue multiple awards for the scope of work.
  • Pact reserves the right to waive minor proposal deficiencies that can be corrected prior to award determination to promote competition.
  • Pact may contact applicants to confirm information and that the proposal was submitted for this solicitation.
  • Pact may contact listed past performance references without notice to the applicant. Pact also reserves the right to contact other past performance information sources that the applicant did not list in the proposal.
  • By submitting a proposal, the applicant confirms they understand the terms and conditions.
  • Information pertaining to and obtained from the applicant as a result of participation in this solicitation is confidential. The applicant consents to the disclosure of the documents submitted by the applicants to the reviewers involved in the selection process. Please note that all reviewers are bound by non-disclosure agreements.