Summary of Requirements

The Organization for Security and Co‐operation in Europe (OSCE) seeks proposals from qualified and experienced companies to establish a “one‐off” Contract for the provision of professional services to conduct audit of the OSCE’s Information Security Management System (ISMS).

The appointed Contractor will be tasked to undertake an OSCE-wide internal audit of the overall capability of the OSCE’s ISMS (including, inter alia, the following elements: governance structure, risk management, resource management, regulatory framework as well as user awareness and the current security measures that are in place) by benchmarking it against ISO/IEC 27001:2013 and other industry best practices.

To participate in the tender process, the following mandatory requirements shall be fulfilled by the tender Requestor:

• Experience in dealing with ISMS and the underlying risks and controls in the cultural and operational environment characteristic of complex public inter-governmental sector organizations;
• Operational capacity to perform analytical work;
• Senior-level Specialist knowledgeable in the area of design, implementation and management of ISMS and ISO 27000, together with a proven track record of managing similar reviews in large International Institutions.

The copy of the solicitation document can be obtained via the below request form.