NEEDS ASSESSMENT – INFORMATION TECHNOLOGY, IT SECURITY AND CYBER SECURITY

ORGANISATIONAL OVERVIEW AND BACKGROUND

The Climate Action Network (CAN) is a worldwide network of over 1900 Non-Governmental Organisations (NGOs) in more than 130 countries, working to promote government and individual action to limit human-induced climate change to ecologically sustainable levels.

CAN members work to achieve this goal through information exchange and the coordinated development of NGO strategy on international, regional, and national climate issues. CAN has regional and national network hubs that coordinate these efforts around the world.

Climate Action Network International (CAN I) was formed in 1989 and has been unifying and amplifying civil society voices in the climate space for the past 30 years.

CAN has a diverse range of members ranging from grassroots organisations, concentrated in the Global South to International organisations the world round. Other members include NGOs, various human rights groups, as well as faith and interfaith groups. Civil society exists to do what the government cannot or will not do, and networks exist to achieve more than can be accomplished by one member alone.

CAN’s job is to provide the network infrastructure that enables our members to align. CAN is organized into regional and national “nodes”. Each node is responsible for its own governance and procedures and conducts joint policy and advocacy work within its given country or region.

CAN International has a secretariat of 25-30 staff working remotely based in over 17 different countries. CAN International is governed by an elected board constituted by Members or Nodes.

CAN International is an NGO operating in an environment of shrinking civic space, where environmental defenders are increasingly at risk.

PURPOSE OF THE ASSIGNMENT

The main purpose of the assignment is to review and determine the most effective and optimal Cyber Security, Information Technology Security and Information Technology needs for the organization.

The objective is to assess our existing IT infrastructure and digital security, and to make recommendations for how, as a small NGO, we can be as safe as possible and keep those we work with (members and allies) safe as well.

SCOPE OF ASSIGNMENT

The IT assessment process is aimed at determining gaps or needs and how to address areas of improvement.

DURATION OF ASSIGNMENT

6- 8 Weeks

KEY OBJECTIVES:

1. Review current CAN I IT infrastructure; Understand and analyze the organisation and the underlying environment’s IT requirements, especially regarding Cyber security and information technology security.
2. Identify the most appropriate and effective IT structure for the organization that will allow us to manage our ongoing IT needs whilst taking into account budget considerations relevant to a small NGO.
3. Provide advice, guidelines and a roadmap for sourcing, utilizing and managing IT assets and resources and managing IT Security and Cyber Security.
4. Specify the industry-standard best practices for using IT solutions and services that meet our objectives.
5. Provide recommendations of IT and digital security and train users as needed.
6. Provide a roadmap for ensuring a sustainable and secure IT environment.

OUTPUTS:

The aim is that by the end of the consultancy, CAN I will have clear recommendations in terms of its own IT needs, IT security, cyber security as well as what ongoing IT support will be required, and how this should ideally be delivered, both in terms of optimizing efficacy and cost-effectiveness.

The service provider will be accountable for the following activities and deliverables

• Inception Report: The inception report should be prepared by the service provider before embarking on a fully-fledged review exercise. The inception report will detail the service provider’s understanding of the tasks and the methodology to be employed to complete the task. The inception report should also include a proposed schedule of tasks, activities, timelines, deliverables and key issues. The inception report should not exceed 5 pages.
• Assessments and investigation: The consultant will engage with our systems and staff on an ongoing basis as needed, in order to determine the needs and gaps in our systems, IT and digital security needs.
• Draft Report: A detailed draft report that contains the consultant’s diagnosis and recommendations with preliminary findings and recommendations. This will be presented to the Executive Team.
• Final Report: Based upon discussions and the feedback from ET, the consultant will produce a final report including concrete recommendations, steps, and timelines in order to support implementation of mutually agreed goals.

SUPERVISION AND GUIDANCE:

The selected provider will be expected to be self-motivated and able to work independently. The provider will work closely with the Executive Team and/or a small task force team.

QUALIFICATIONS FOR ENGAGEMENT OF CONSULTANTS:

The following are the qualifications required:

• Proven experience as IT Consultant
• Expertise in digital security for civil society
• Ability to troubleshoot hardware, software and network problems
• Experience in project management
• Experience in providing training on IT and digital security
• An analytical mind with problem solving abilities
• Previous practical experience working with decentralized structures (such as networks) where the staff work remotely.
• Experience with Change Management processes in an organization working with remote staff.
• Familiarity with non-governmental organization work.