Staff augmentation resources to assist in the formulation and drafting of a complete Information Security Management System to meet the requirements of ISO/IEC 27001:2013

ICC
Request for EOI

Reference: 126694
Beneficiary countries or territories: Netherlands
Published on: 07-May-2019
Deadline on: 31-May-2019 23:58 (GMT 2.00)

Description

Information Security Management System (ISO/IEC 27001:2013)

The Court seeks to obtain qualified and suitably experienced assistance, following a staff augmentation model, to assist in the development and implementation of a formal management system to address its needs for the protection of information.

The Court has identified that the requirements for an appropriate Information Security Management System (ISMS) are clearly articulated in the international standard ISO/IEC 27001:2013 (“Information technology – Security techniques – Information security management systems – Requirements”).

The Court does not wish, at this time, to achieve certification to the international standard. However, it does wish to be compliant with the requirements.

The Court seeks to augment its existing capabilities to define, draft and promote the establishment and adoption of an ISMS that includes within its scope the Court’s core business processes and key information assets.

The Court anticipates that, following a staff augmentation model, a suitable vendor will assist in:

• the evaluation of the Court’s existing ISMS and related controls
• the performance of a “gap analysis” against the control requirements in ISO 27001:2013 Annex A
• the identification of key information assets
• the performance of a formal risk assessment
• the drafting of the required framework of controls (e.g. policies, procedures, guidelines, etc.)
• the design and proposal of other required controls
• the design and proposal of suitable training materials for Court staff
• the communication of progress throughout the engagement.

The Court requires the services to be provided primarily on-site, at its headquarters in The Hague, The Netherlands, working alongside and with Court staff. The staff augmentation model foresees the provision of a planned number of hours per month over the course of 12 months to complete the project.

The Court requires the services to be delivered in high-quality business English (translation into other languages is not within scope of this engagement), and anticipates that deliverables will include formal written materials, presentations and assessments as well as management briefings.

Due to the confidentiality of the information obtained and used within this engagement, each individual contractor or member of the vendor’s staff who works on the Court’s material must hold a valid security clearance equivalent to NATO SECRET. Within the Netherlands, this is equivalent to AIVD/MIVD level B. It is the responsibility of the vendor to obtain this clearance.

The selection of a suitable vendor will be based upon experience in successfully implementing ISMS according to ISO/IEC 27001:2013.