CONSULTANCY FOR CERTIFICATION OF FINANCIAL STATEMENT OF A GRANT AGREEMENT

Action Against Hunger tackles the causes and effects of hunger and diseases that threaten the lives of
vulnerable children, women and men.
Established in France in 1979, Action Against Hunger are a non-governmental, non-political, non-religious,
non-profit organisation.

This agreement is between Action Contre La Faim (referred to as the "Coordinator,") and Compliance Organization’s (referred to as the "Auditor"). The purpose of this agreement is for the Auditor to perform a data protection audit to evaluate and examine the Coordinator’s compliance status as relating to data protection.

The Auditor will conduct this engagement according to:
•             NDPA 2023: Nigeria Data Protection Regulation of 2023, related to agreed-upon procedures for data protection compliance.
•             ISO/IEC 27001 Standards: The Auditor will adhere to the ISO/IEC 27001 Standards for Professionals, which outlines principles regarding integrity, objectivity, independence, professional competence, confidentiality, and technical standards in ensuring data security and avoiding data breaches.

Geographical scope coverage Abuja.
Profile of the consultant (Qualification and Experience)
The Coordinator must submit a Data Protection Audit Report, prepared by an external auditor, to the Nigerian Data protection Commission. The NDPC requires this report to validate the Coordinator’s compliance status with the NDPA.:
The Auditor confirms they meet at least one of the following conditions

• NDPC License: The Auditor or firm is licensed by the Nigerian Data Protection Commission.
• NDPA Compliance: The Auditor or firm fully understands and is knowledgeable on the requirements of the Nigerian Data Protection Act.
• EU GDPR Compliance: The Auditor or firm fully understands and is knowledgeable on the requirements of the European Union’s General Data Protection Regulations.

SCOPE OF WORK:
The Data Protection Regulation Compliance Audit will involve but not limited to the following activities:
•             Check for personal data creation procedures
•             Check for personal data processing procedures
•             Check for data retention/storage procedures
•             Check for data disposal procedures
•             Security of personal data as regards third party data transfer
•             Check all the data storage to confirm that the personal data are all well stored in reports, file, cabinets, systems, database, devices (tapes, disks, etc.) applications
•             Check for any data protection gaps and ensure that they are all closed
•             Assess NDPR Awareness in the ACF
•             Identify all locations where personal data is stored in the ACF and check the adequacy of security and privacy around them
•             Check the existence, location and adequacy of existing Data Protection documents
•             Check if the ACF has documented legal justification for using special categories of personal data (sensitive and non-sensitive)
•             Check and confirm the adequacy and completeness of the data subjects rights with regard to the NDPR
•             Support ACF in Filling it annual return to the Nigeria Data protection Commission


All interested consultants should send Expression of Interest electronically from Monday 20th January 2025 by 12 noon to 3rd February 2025
to: [email protected]
 
with subject “CONSULTANCY FOR CERTIFICATION OF FINANCIAL STATEMENT OF A GRANT AGREEMENT.” in order to receive the full ToR.