The Egmont Group Secretariat (EGS) invites qualified vendors to submit proposals to conduct an independent external security audit of the Egmont Group IT system. The audit will assess compliance with Egmont Group security, confidentiality, and access control requirements.
The IT system is built on Microsoft Entra ID, Microsoft 365, and Microsoft Azure, supporting secure communications, controlled access, and encrypted data storage.
Scope of the Audit
The External Security Audit must include:
- Manual testing, including external penetration testing in line with Microsoft Cloud Penetration Testing Rules of Engagement
- Technical configuration and automated security assessments
- Risk analysis of threats such as malware, viruses, and phishing
A core requirement is that only designated users may access system data. Administrators, third parties, and service providers must not have access.
The audit will focus on:
- Identity and access management and audit trails
- Key generation and key management
- Virtual machine access controls
- End‑to‑end encryption and secure data storage
- Hardware Security Module hardening
- Compliance gap analysis against NIST, ISO/IEC 27001, and other applicable standards
Deliverables must include documented findings, recommendations, and a proposed Plan of Action.
Timeline
The audit, including the final report, must be completed within three weeks of project kick‑off. A minimum of two draft review rounds is required.
Proposal Requirements
Proposals must include:
- Scope of work and project plan
- Fees, currency, timeline, and payment schedule
- CVs demonstrating at least five years of relevant experience
- Relevant security certifications
- Proof of appropriate security clearance
- Bios of all staff conducting the audit
- Examples of similar work for government or security‑sensitive organizations
All audit staff must be directly employed by the vendor.
Submission Details
Proposals must be submitted in English to ESAProposal[at]egmontsecretariat.org by 13 March 2026.
Email subject line: EG IT System – External Security Audit
Only the selected vendor will be contacted for further discussions.
If this aligns with your organization’s expertise, we encourage you to submit a proposal.
For more information, download the request for proposals: RfP EG IT System – External Security Audit
