KPMG/RiskRecon Awarded Framework Agreement for Cyber Risk Score

The Norwegian Agency for Public and Financial Management, through the Norwegian Public Sector Cloud Marketplace (MPS), has awarded a framework agreement for internet information security measurement to KPMG Norway AS for the provision of the cloud service RiskRecon by Mastercard.

[Norsk versjon]

Cyber threats are a continuous challenge for public organizations. Technological advancements have enabled attackers to exploit vulnerabilities and inflict significant damage on public and private organizations. Therefore, it is crucial to have effective strategies and tools to identify and manage cyber threats. One strategy that has proven to be very useful is the measurement of information security on the internet ("Cyber Risk Score" or CRS). MPS has therefore awarded KPMG Norway AS a framework agreement for the provision of the cloud service RiskRecon by Mastercard.

What is Cyber Risk Score?

CRS is a method for quantifying and assessing an organization's exposure to cyber threats as seen from the internet. It is a numerical value that reflects the total risk for an organization based on various factors, such as vulnerabilities in the infrastructure, historical data on security breaches, and the organization's ability to handle security incidents. CRS provides a comprehensive assessment of the security level as seen from the internet and helps organizations prioritize actions to protect themselves against potential threats. CRS also facilitates the comparison and follow-up of security in the public sector at a national level.

The Pilot Project

In the summer of 2023, MPS concluded a pilot project of a cloud service for CRS. A total of 26 state agencies and 4 municipalities participated in the pilot. The conclusion was that there is a need for a CRS service in the public sector, that this would be a useful tool for business management and for IT and security management, that it could represent an effective management tool and facilitate increased collaboration in the public sector.

About the Framework Agreement and the Way Forward

In December 2023, a competitive tender with negotiation was announced. The competition was concluded on May 30, 2024, and the contract was awarded on June 19, 2024. The framework agreement is valid for 2 years with options for extension for up to another 2 years. The framework agreement is non-exclusive for the supplier and is voluntary for public sector organizations to use. The framework agreement is open to public organizations in the civilian sector that are covered by DFØs authorization, as well as 127 municipalities and county municipalities that have joined the agreement as an option. The option will be triggered as soon as the necessary clarifications regarding value-added tax are clarified.

The organizations that have the right to use the framework agreement will be invited to an information meeting together with KPMG/RiskRecon as soon as the contract is signed.

For further information for the relevant organizations, see our website or contact MPS project manager Kristina Nikolajeva, kristina.nikolajeva@dfo.no, +47 901 41 637.

Oppdatert: 19. juli 2024

Kontakt

Gi oss tilbakemelding!

Har du spørsmål eller tilbakemeldinger? Ta kontakt med oss!

E-post: markedsplassen [at] dfo.no (markedsplassen[at]dfo[dot]no)

Fant du det du lette etter?

Nei

Det beklager vi!

Tilbakemeldingen din er anonym og vil ikke bli besvart. Vi bruker den til å forbedre nettsidene. Hvis du vil ha svar fra oss, ta kontakt på telefon, e-post eller kundesenter på nett.