REOI - Cybersecurity Awareness Services

Deadline for submission of Expression of Interests is 12 June 2026. Responses must be submitted via InTend. Do not submit your responses via email. In your response, please submit a completed Annex A and B. ---- Overview The United Nations International Computing Center (UNICC) invites vendors to submit an Expression of Interest (EOI) for the provision of a Security Awareness and Human Risk Management Solution. UNICC seeks to engage a vendor capable of delivering a comprehensive, SaaS-based security awareness platform to multiple United Nations Agencies through a centrally managed multi-tenant architecture. The solution is expected to support global, diverse environments and contribute to strengthening organizational security culture and reducing human cyber risk. The envisaged solution shall enable UNICC and its partner agencies to move beyond compliance-based training towards a risk-driven, intelligence-led approach aligned with international best practices, including the SANS Security Awareness & Culture Maturity Model. Key Functional Requirements Vendors are expected to demonstrate capabilities in the following areas: • Multi-Tenant Platform: A centralized environment enabling management of multiple agencies (tenants) with strict logical separation of data, configurations, and reporting, while providing global administrative oversight. The solution must be scalable to support additional organizations. • Human Risk Intelligence: A centralized capability to aggregate and analyze behavioral data, phishing exposure, and user risk indicators, providing actionable insights and trends across the organization. • Threat-Informed Content: Continuous delivery of up-to-date training content and phishing simulations based on real-world threats, attacker techniques, and social engineering campaigns. • Campaign Management: Advanced capabilities to design, schedule, execute, and monitor awareness campaigns and phishing simulations across different user groups and organizational units. • Reporting and Analytics: Multi-level reporting (operational, tactical, strategic) including user engagement, behavioral trends, risk reduction, and program maturity metrics. Export capabilities in standard formats (e.g., PDF, CSV). • Risk-Based Training: Adaptive and targeted training programs based on user behavior and risk scoring, including automated remediation actions. • Integration Capabilities: Support for integration with enterprise systems (e.g., identity providers such as Microsoft Entra ID and Google Workspace), including SSO, SCIM provisioning, and secure APIs for data exchange. • Phishing Reporting: Native mechanisms enabling end users to report suspicious emails directly from their email clients. • Multilingual Support: Availability of training content and simulations in multiple languages, including the six official United Nations languages. • Content Management: Modular, role-based training content with embedded assessments, scoring, certification tracking, and continuous updates aligned with emerging threats. • AI-Assisted Capabilities: Support for AI-driven creation and customization of awareness content and simulations. • Service Delivery and Support: 24/7 platform availability and technical support, including SLA-driven incident handling and lifecycle support. • Security and Compliance: Implementation of appropriate data protection and security controls, including encryption, access control, and audit logging. UNICC intends to invite selected vendors to participate in a formal solicitation, via a Request for Proposals (RFP), at a later stage, for the above requirements. Complete details of the requirements will be included in the solicitation documents.