Information and Cyber Security Consultancy Services

Request for Proposal

Information and Cyber Security Consultancy Services

RFP/BEY/22/012

FOR

DANISH REFUGEE COUNCIL (LEBANON)

The Danish Refugee Council assists refugees and internally displaced persons across the globe: we provide emergency aid, fight for their rights, and strengthen their opportunity for a brighter future. We work in conflict-affected areas, along the displacement routes, and in the countries where refugees settle. In cooperation with local communities, we strive for responsible and sustainable solutions. We work toward successful integration and whenever possible – for the fulfilment of the wish to return home.  

The Danish Refugee Council was founded in Denmark in 1956, and has since grown to become an international humanitarian organization with more than 7,000 staff and 8,000 volunteers. Our vision is a dignified life for all displaced. All of our efforts are based on our value compass: humanity, respect, independence and neutrality, participation, and honesty and transparency.

Operating since 2004 in Lebanon, DRC has addressed the needs and rights of vulnerable populations, working initially with Palestinian refugees (since 2004), Iraqi refugees (2007-2010), Lebanese IDPs (during the 2006 conflict), migrant domestic workers (since 2009), responding to the Syrian refugee crisis (since 2011) and to Lebanese crisis (since 2019).

DRC Lebanon is currently delivering programming in protection, livelihoods, and community development interventions. This myriad programming seeks to address the immediate needs of displaced populations and concurrently support vulnerable host populations. DRC has three offices spread throughout Lebanon in, Beirut, the Bekaa and North. 

For further information about DRC, please refer to our website: https://drc.ngo/

Objectives:

Some of the Danish Refugee Council’s interventions are designed to improve protection and effectiveness of the humanitarian response in Lebanon by enhanced coordination through joint analysis, planning and response. DRC Lebanon manages and collects data using different methods in paper format or in digital forms such as excel, online systems. DRC Lebanon has developed a beneficiary centric integrated system for three main sectors Protection, Economic Recovery, a Referral Information Management System “RIMS” that serves as humanitarian common platform to manage referrals between partners (local, international NGOs and UN Agencies) in Lebanon along with internal information management systems for MEAL and Safety departments. The Referral Information Management System ”RIMS” has the capacity to generate two categories of valuable data that can be used to improve humanitarian response: 1) information on the effectiveness and timeliness of referral processes and 2) gaps in service provision across sectors. To that end, DRC analyses aggregated information from RIMS partners to produce analysis on relevant trends and gaps. DRC Lebanon has developed Memorandum of Understanding, draft Data protection policy for RIMS with embedded basic Data Sharing Agreement to regulate the relation between different RIMS users who are Local NGOs, International NGOs, and UN Agencies. In addition, RIMS has the capacity to link to other online platforms through Application Programming Interface “API”.

DRC is seeking to appoint an Information and Cyber Security Consultant for the following:

The Information Security Consultant is responsible for reviewing, assessing, analysing the DRC’s Lebanon information management system functions ALPHA and RIMS, focusing on the system's application security, network security, database security, server, cloud security and data from cyberthreats, in order to understand the risks and how vulnerable the systems. Then, the consultant will suggest recommendations, practices, tools and develop a cybersecurity strategy in order to minimize those risks and enhance the protection of DRC Lebanon systems when it comes to cyber threats. Alpha and RIMS are both online systems hosted on the cloud. RIMS is being used by more than 110 organizations to manage and track internal and external referrals within and across humanitarian sectors. Also, the information and Cyber Security Consultant is responsible for answering audit questions, and advise on security improvements recommendation along with detailed written guidelines. Finally, he/she will support data protection focal points in drafting the data protection policy by reviewing the existing information security policies and adding them as annexes to the data protection policy. 

Responsibilities:

• Develop, review and update -when necessary- information security polices for both Alpha and RIMS including security of personal data, and sharing data with partners;
• In close coordination with the Data Protection Consultant and/or other Data Protection focal points the consultant will support -when needed- with providing inputs to the data protection policy including information security annexes that might be attached to the DRC’s national data protection policy.
• Assess, review, and provide technical solutions on the current server hosting plan, data storage and management of servers;
• Assess, review, and provide technical solutions on the functionalities and features of Alpha and RIMS related to data security driven from global systems such as CPIMS+ and GBVIMS+
• Tests security vulnerabilities using different accredited tools for Alpha and RIMS to expose system’s shortcomings and flaws, and use the results to improve security and prepare for outside attacks on monthly basis. Additionally, recommends good practices to keep IM Systems secure, produces monthly security snapshots, and quarterly full security reports. The systems are developed using ASP.net published version hosted on UBUNTU servers on Azure cloud services using Apache2 and Tomcat web services.
• Develop an early warning system –where possible- to help DRC’s IM and IT Teams in identifying/noting the potential attempts/risks/signs of cyber-attack attempts or data breach
• Communicate with the Information Management Consultant who is supporting in the development and maintenance of DRC’s Lebanon Information Management Systems in case any security vulnerability is identified as a result of the source code and/or internal system libraries.
• Support IM and IT teams in answering cyber security and security audit questions.
• Provides DRC’s Lebanon IM Team with basic tools to test security vulnerabilities at application, server and database levels and creates procedures in case a data breach is detected;
• Review and update data security checklist to gauge if essential practices are in place in programme(s), on how to process data and information in a secure manner;
• Reviews and updates business continuity, backup and recovery plans for online systems and databases;
• Review and update the long-term plan and solution to keep the IM System secure.
• Other duties as agreed with the Head of Program and/or Information Management Coordinator in line with objectives above and weekly work plans.

     The Consultant will be required to prepare a detailed methodology and work plan indicating how the objectives  the project will be achieved, and the support required from DRC.

RFP Issuing date: 23rd of  September 2022

Online technical meeting: 28th of September 2022 at 11:00 am Via TEAMS

RFP Closure Date: 7th of October 2022 at 14:00 pm