Skip to main content

EFSA ISO 27001 Management Systems - Awareness Improvement for EFSA Managers and Staff

Approximate launch date:
September 2021
  • Ref.: NP/EFSA/CORSER/2021/01
  • Budget: 55.000 €
  • Approximate launch date: Mid-September 2021
  • Deadline to register interest10/09/2021
  • Background: The “Decision of the Executive Director of the European Food Safety Authority concerning the Assurance on Converged Security and Business Continuity” (ref. EFSA/UNIT/DEC/18103190/2017) establishes EFSAs will to “Continuously improve Converged Security and Business Continuity management system by implementing balanced comprehensive, holistic and systematic framework for security and continuity governance management” and to “Adopt international standards or guidelines that are aligned with the security approach of EU bodies and institutions”. As reported to EFSAs Assurance Council, EFSA information security will maintain an Information Security Management System that is aligned with ISO 27001 and will endeavor to improve the maturity of this management system as per the above decision. On the 12/03/2021 EFSA ED endorsed the initiation of a project, to be executed between 2021 and 2022, aimed at implementing an Information Security Management System compliant and certifiable as per the ISO 27001 standard. Within this context, ensuring an adequate level of Information Security Awareness is a key pillar to achieve the proper level of organizational maturity and effectiveness in managing cyber aspects
  • Objectives:

1. Deliver 5 online real-time awareness sessions (min 1 hour, max 2 hours) each to EFSA managers (ED, Heads of Departments and Heads of Units) in the following topics:

  • Cybersecurity Challenges (General Cybersecurity for Managers)
  • IoT Security;
  • Quantum Security;
  • Artificial Intelligence Cybersecurity;
  • Big Data Security.

​​​​​​​​​​​​​​​​​​​​​Timeframe to deliver the sessions to be defined

2. In a time frame of three months (to be defined), deliver 10 short (approx. 5 minutes) on-demand awareness video-sessions to all EFSA staff (i.e. 1 every week). The effectiveness of each awareness session must be measured via a “gaming” test activity or “escape room” (e.g. Organizing a sort of competitions among EFSA Units). The topic covered in the sessions

Selection criteria - technical and professional capacity:

  • General Requirement: The tenderer must have extensive and demonstrable experience in organizing trainings or awareness sessions for Mid or Large companies or International Organizations;
  • Requirement for objective  1: Ability to provide speakers with the following characteristics:
    • Being highly reputed professionals in the cybersecurity domain;
    • if academics with a Google H-Index > 55;
    • if not academics being either previously a speaker at TED/TEDx talks or a C-Level of a Large company in the area of IT Security;
    • excellent level (≥ C1) of spoken and written standard UK English.
  • Requirement for objective 2:
    • Ability to provide video session with:
      • Excellent content quality;
      • Attractive graphics (to attract the attention of the audit).
    • Ability to provide an attractive and suitable solutions (also in terms of platform to be used) so to measure the effectiveness of each video-session while ensuring a high level of participation and fun among staff. In order to demonstrate the ability in providing what required for objective 2, in addition to a written description, the incumbent could also provide video-demos.

If you are interested in this procedure please send an email within the deadline to efsaprocurement [at] quoting the reference of the procedure and specifying the following:

  • your name/organisation’s name and address;
  • whether you participate as a physical person or an organisation/private company.