A. Project activity title
APHR Information Security and Digital Risk Assessment and Management
B. Organizational context
APHR is a regional network of current and former parliamentarians who use their unique positions to advance human rights and democracy in Southeast Asia. We seek to help create a region where people can speak out without fear, live free from all forms of discrimination and violence, and where development takes place with human rights at the forefront.
Our members use their tenure to advocate for human rights inside and outside parliaments, regionally and globally. They work closely with civil society, conduct fact-finding missions and issue recommendations and opinions on the most important issues affecting the region.
APHR was born out of the recognition that human rights issues in Southeast Asia are interconnected and the desire of progressive lawmakers to work together across borders to promote and protect human rights.
Staff security is one of the biggest challenges faced by non-governmental organizations and civil society organizations due to the growing insecurity, threats and violence they face in the course of their work. and their advocacy for human rights.
As civil society actors, including parliamentarians, increasingly face threats and reprisals for their work, it becomes more imperative that they adopt mitigation and preventive measures to protect their operations and the safety and security of their staff, members and partners. Southeast Asia reflects the global trend of increased repression of civic space, with the rise of authoritarian regimes in countries where APHR operates and growing intolerance of dissent and criticism . As APHR also becomes more well-known and effective in its public advocacy, it must also assess the potential risk and threats that the context in which it works might have to its security and the safety of its staff, its board of directors and its members, be prepared to mitigate them. risks and respond to them effectively.
C. Scope of work
APHR is looking for a consultant or a firm that will carry out Information Security and Digital Risk Assessment and Management that will allow APHR to operate and share information as safely and securely as possible.
The consultant/firm will review APHR’s digital information and vulnerabilities such as (but not limited to):
- cyber security
- Cloud technology
- Data security and leaks
- Data Privacy
- Process Automation
- Compliance and Resilience
- Third party risk
- Staff awareness and capacity
The consultant/company must provide an information security assessment report and a digital security audit report. The work and deliverables expected to be carried out are:
a. Perform testing and analysis including APHR desktop online platforms and technical environments for sound architectures, correct configurations and system level vulnerabilities.
b. Develop information security policy guidelines and control and monitoring mechanisms based on the results of the assessment;
vs. Develop a digital security plan and strategy to achieve a high level of security program maturity on the following (but not limited to):
– Use of social media
– Regulatory compliance and information security policy
– Processes and Procedures
– Technical architectures and configurations
– Vulnerability and risk management
– Security checks and continuous monitoring
– Threat detection and incident response
– Resources, skills and awareness training
D. Provide awareness training to board and staff to share digital security best practices and information security risk assessment results.
D. Expected results and proposed activities
Expected results/proposed activities
1. Kick-off meeting and report = 1st week
2. Perform testing and vulnerability scans = 2nd-3rd week
3. Schedule of meetings with board members and staff = 3rd to 4th week
4. Write and present findings of Information Security Report and Digital Risk Assessment Report = 5th-6th week
5. Finalize Information Security Report and Digital Risk Assessment Report based on additional feedback from APHR = Week 7-8
6. Write and finalize the Information Security Management Policy and Digital Security Plan = 8th-9th week
7. Security awareness trainings for board and staff = 10th week
E. Duration of works
The duration of the consultation will be two and a half (2.5) months from July 15 to September 30, 2022.
F. Duty station
Selected consultants/companies will work remotely/online. No local travel is required.
G. Qualifications of Individual Contractor/Team/Company Successful
The successful candidate/company will have the following qualifications:
- Bachelor’s degree in information management or related courses;
- At least 7 years of industry experience in the field of information management and digital security focused on NGOs and human rights organizations;
- Have at least 2 completed similar projects or consultations with NGOs in high risk or volatile situations;
- Excellent qualifications in cybersecurity, penetration testing and familiarity with industry best practice frameworks;
- Certified professional developer, Java, PHP, MySQL, Oracle, PostgreSQL and other Opensource technologies;
- Certified professional network virtualization storage, cloud technologies;
- Knowledge of human rights issues, threats and vulnerabilities faced by human rights organizations in the South East Asia region;
- Excellent skills in facilitating information and digital security training to NGOs;
- Strong communication and writing skills, demonstrated ability to deliver effective presentations to various audiences.
How to register
H. Offer requirements
For APHR to assess your experience and qualifications, please send the following documents:
- duly accomplished letter of interest including contact person and contact details (email and telephone);
- Brief profiles/Short CV of consultant or team members indicating education, expertise and experience;
- Technical Proposal/Brief Description your experience and your added value, including the activities proposed, the methodology and the tools to be used.
- Financial proposal which indicates the total contract price, supported by a cost breakdown.
I. Submission deadline
The consultancy proposal package including an expression of interest, technical and financial proposals and a short CV/brochure must be submitted no later than **Friday, June 24, 2022 at 6:00 p.m. Jakarta time (GMT+7)** to [email protected]
Please note that only shortlisted candidates/companies will be contacted.
APHR is committed to diversity and inclusion within its workforce and encourages qualified applicants of all genders from all national, religious and ethnic backgrounds, including persons with disabilities, to apply.