Objective
The objective of this project, under the Indonesia Digital Health Programme (Phase 1), is to start the implementation of two of these - to establish a Computer Emergency Response Team (CERT) and a multi-agency Health Data Protection and Cyber Security Coordination Group. Related UK funded work is supporting incident simulation training, a security outcomes framework and a privacy impact assessment of electronic medical record data. The implementer(s) of this project will be expected to maintain close alignment with these activities.
The Ministry of Health has recently created a Data Transformation Office, complementing the Centre for Data and Information. The digital platforms and services, however, are the responsibility of other delivery units. The incident response team will need to bring together resources from across the Ministry. The proposed Coordination Group will also include other ministries and agencies across the government.
The following guidance provides details of the requirements, the eligibility criteria and how to bid.
Timing and indicative budget
£200k from October 2021 to end March 2022
The establishment of health ministry Computer Emergency Response Team (CERT) and a multi-agency Health Data Protection and Cyber Security Coordination Group, will act as a focal point for strategic risk management relating to healthcare data and systems, an area which is currently lacking and undermines operational planning and incident response capability.
CERTs usually provide a combination of reactive services (e.g. alerts, warnings, incident response coordination) and proactive services (e.g. announcements, security assessments, development of tools). The MoH is already in discussions with BSSN over the remit and functions of their CERT, so an important area of this work will be selecting the right services to underpin the definition of the MoH CERT.
In terms of the Strategic Coordination Group, it is envisaged that the implementer will agree a terms of reference with key government stakeholders and support in setting up appropriate cross departmental governance structures focused on incident response strategies and threat intelligence sharing.
Please indicate in proposals:
- the foundational activities in the establishment of a CERT which will be delivered in the period
- the key agencies and organisations to be engaged in the Coordination Group and realistic (potential) agenda for the period
- proposed monitoring
Who can bid?
Bids are welcomed from not-for-profit organisations including academia, NGOs, inter-governmental organisations and not-for-profit arms of commercial entities.
Many capacity building projects cannot be fully delivered by a single implementer as the capability and skills required may only be found in a consortium. We therefore welcome bids from consortia, with a clear non-for-profit prime or lead implementer. Commercial organisations are permitted to join consortia as part of a bidding team. However, the commercial element of the proposal, which would be sub-contracted by the not-for-profit, must be proportionate.
Guidelines for submitting a proposal
Potential implementers should submit a completed project proposal form (PPF) (ODT, 61.8KB), Activity Based Budget (ABB) template (ODS, 10.4KB), Staff Daily Rate Card, together with confirmation they are content to use the FCDO Grant Agreement/MoU template (ODT, 86.3KB), to
