Vulnerability Assessment and Management Service

Reference Number
EoI - Vulnerability Assessment and Management Service
Procurement procedures
Request for Expression of Interest (EOI)
Launch date
06 October 2015, Europe/Vienna
Expected contract duration
3 years
On behalf of

Summary of Requirements


The Organization for Security and Cooperation in Europe (OSCE) is interested in establishing a contract for the provision of a Vulnerability Assessment and Management Service.

Technical landscape of the OSCE

The Organisation operates a distributed information systems architecture, with servers primarily concentrated at the organisation’s secretariat offices in Vienna, Austria, and distributed infrastructure and local application servers in several locations across Europe and Central Asia. For some locations, IT infrastructure is connected to the internet and corporate network via high-latency networks such as satellite links.

The OSCE’s current Information Technology landscape mainly consists of the following:

  • Microsoft environment comprising servers and Exchange servers;
  • Collaboration platform and document management;
  • Externally hosted website environment (Webhosts, Content Management System);
  • Electronic Document and Records Management System (Livelink/Open Text Content Server);
  • Oracle EBS and databases;
  • Physical servers and VMware virtualization;
  • The volume of external servers is approximately 100 devices, with approximately 500 internal servers and infrastructure elements. There are approximately 3000 end user devices on the internal network.

Areas of Interest

Provide a Vulnerability Assessment and Management platform that provides capabilities to:

  • Assess the vulnerabilities of the OSCE’s Internet facing and internal servers and applications;
  • Provide the technical community within the OSCE with a tool to assess and self-manage identified vulnerabilities and ensure compliance with security requirements;
  • Provide strong management reporting to facilitate assessment of overall vulnerability status and risk assessment;
  • Support a variety of deployment scenarios to accommodate scaling the service and to adapt to a changing architecture.

Vendor requirements


  • Pool of trained, knowledgeable functional and technical English-speaking consultants;
  • Experience with and significant supported deployments of any proposed solution;
  • Externally verifiable security assurance for data stored and managed by any cloud-based solution.

EoI procedure

Should your company be interested in and capable of participating in the competitive tender process, please send your response by email to Mr. Yury GOLOVKOV, OSCE Secretariat Procurement at

Kindly include in your response the following information:

1. Your company’s feedback on the above requirements;
2. Name and email address of your company staff to receive the tender document.

Please note that this is not an invitation for submission of a proposal.
This is the Request for Expression of Interest (EoI) to identify qualified service providers interested in and capable of participating in the tender process.