Consultant: IT Risk & Support Assessment

Emergent is a global non-profit, incorporated in the US in 2019, that aims to mobilize public-private finance to conserve and restore the world’s tropical forests to combat the climate crisis. We serve as an intermediary between the private sector and forest nations, acting as a market catalyst to deliver transformational impact for the climate, biodiversity and forest communities.  Emergent’s team is around 38-strong and is mostly based in the US, UK, Spain and Brazil with a handful of individual team members in other countries.

After several years of preparation and building the team, Emergent is poised to initiate commercial transactions between tropical forest governments and major corporations that will, in time, direct hundreds of millions of dollars in much-needed funding to slow and reverse tropical deforestation. The protection of the commercially confidential data underpinning these transactions, and the internal system controls used to co-ordinate them, are of paramount importance.

Emergent operates on a Microsoft platform with a handful of additional, market-sourced IT systems (e.g., QuickBooks and HubSpot) that are used ‘out of the box’. We do not have in-house IT support or expertise and rely on a third-party Spain-based company for our IT support. 

Scope of Work 

Emergent is seeking an experienced, US-based IT consultant or company to carry out the following work in early 2025. 

We envisage a 2-4 week engagement and are open to discussion on both scope and timescale. 

1. Assess the organization’s standard of cyber security, including compliance with US and other applicable regulations and adherence to recognized good practice.  Compile actionable recommendations appropriate for a business of Emergent’s size and nature to enhance, where necessary, the security and resilience of our data infrastructure against potential threats and vulnerabilities. In particular, we are keen to define clear, simple procedures to be followed in the event of a security breach, cyber-attack or other form of system failure, including backup and restoration procedures. 
2. Assess the scope and standard of IT support provided to Emergent by our external vendor.  Make actionable recommendations.  (NB – while we recognize that the provider of the service scoped by this document may also offer IT support services, we do not envisage moving directly from this work to a change of IT support provider.) Emergent is partly funded by governments that require us to follow strict procurement guidelines; any subsequent change of support provider could only follow a transparent, competitive bidding process carried out in accordance with those guidelines. 
3. Make recommendations to address any obvious deficiencies in software, data management, system integration, IT policies/practices, etc.   

Procurement Process 

Interested parties are asked to submit a brief expression of interest summarizing relevant experience, outline approach and indicative (i.e., non-final, non-binding) cost. The deadline to submit proposals is October 31, 2024.   

Based on these expressions of interest, the Emergent team will select a short list who will be invited to a briefing session at which the team can answer questions.  Vendors who then want to go ahead will be asked to submit binding proposals.  

Please, no emails.