Terms of References
Facilitation of the process “Introducing an IT-security policy for and within the organization”
ForumZFD supports people involved in violent conflicts on the path to peace and strives to help overcome war and violence. We are currently working with peace consultants in Germany, as well as eleven other countries in Europe, the Middle East and South East Asia. Our Academy for Conflict Transformation offers a learning space for professional, international peace work. Through dialogue events, educational work and campaigns, we actively advocate civil peace policy. ForumZFD is recognized by the German federal government as a member of the Civil Peace Service (CPS) consortium. Our work is financed through public and private grants, donations and membership fees.
Rationale of the assignment:
ForumZFD is currently working in 11 countries worldwide through the Civil Peace Service.
Not least due to the Corona pandemic, all our employees work with digital tools, computers and IT. In addition, we work in the area of "Peace and Conflict", and - partly - in countries and regions highly prone to potentially severe safety and security risks. Data protection and privacy on the one hand, accessibility and usability - especially in situations of emergency and crisis - on the other hand have to be considered when using and selecting tools and setups.
Each of our offices and teams has different circumstances in terms of infrastructure, partners and team composition. At the same time, a functioning IT infrastructure is needed that is safe, easy to maintain and secure, and allows as much flexibility and possibilities to act in emergency situations at the same time. The aim of the organization is to create a clear guidance, on the one hand, for dealing with IT issues within the organization as a whole and the individual handling technical solution to ensure IT security.
Description of the process:
The consultant of the process “Introducing an IT-Security policy” shall consult the organisation in developing a IT-Security policy and a set of rules how to decide on new software, IT-layouts or software frameworks. Rules for responsible use of IT tools are to be established.
- Analysis of the current infrastructure at forumZFD, taking different future scenarios into account.
- Risk analysis with regard to IT, IT infrastructure and tools used in relation to the content-related program work and the security risk management of forumZFD
- Development of an IT security policy with the involvement of forumZFD stakeholders to define the setup, usage guidelines and decision-making process for the selection of tools. The IT security policy should enable staff to independent actions within a certain framework.
- Stakeholders within the organization – which have to be defined – should be consulted in this process.
- Development of a roll-out plan how to implement the new policy in the organization and within all international teams.
- Development of an incident response plan based on the new policy.
The working language is English.
Consultant / Facilitator (freelance).
Time frame of the assignment:
The analysis of the situation should be done in beginning of 2022, the IT-security policy should be finalised till the end of 2022.
Submission of proposals:
The proposal should include:
- A cover letter explaining motivation and working approach(es)
- Detailed methodology
- Remuneration expectation
All qualified consultants are invited to submit an expression of interest (in English) to conduct this consultancy for forumZFD.
For further information, you may contact Benedikt Kaleß (kaless@forumZFD.de). We look forward to receiving your expression of interest by 24 January 2022 via our online portal. The Interviews will probably take place in the first two weeks of February.
English information about our programmes is provided at https://www.forumzfd.de/en/international-programmes
Please note: In keeping with its mission and values, Forum Civil Peace Service (forumZFD) is committed to maintaining the highest degree of ethical conduct amongst all its staff. This code of conduct is also binding in this order.