ENTSO-E Security Plan External Auditing Services (ESPEAS)

TSCNET Services GmbH (TSCNET) located in Munich, Germany, is an ISO 27001:2022 certified organization providing services 24 hours a day, 7 days a week, 365 days a year, to Contracting Authorities operating critical infrastructure connected to the Central and Eastern European power grid. As part of TSCNET's requestor’s input for Regulatory Information Security Auditor Services, TSCNET wishes to contract a specialist third-party to undertake regulatory information security audits. The third-party needs to be a qualified ISO 27001:2022 Lead Auditor with not only best of breed expertise, but excellent service delivery and multiple years' experience in regulatory audits. The audits must be aligned with the regulatory expectations and frameworks established by: a) ENTSO-E (European Network of Transmission System Operators for Electricity) – https://www.entso-e.eu, which coordinates the operation of Europe’s electricity transmission networks and sets cybersecurity and operational standards for TSOs. b) ACER (European Union Agency for the Cooperation of Energy Regulators) – https://www.acer.europa.eu, which oversees the implementation of EU energy regulations, including cybersecurity and data protection obligations under the Network Code on Cybersecurity and other relevant EU legislation. Given that the contract is expected to span at least four years, TSCNET anticipates that additional compliance requirements may emerge over time. Therefore, the scope of regulatory alignment shall not be limited to ENTSO-E or ACER alone. The selected auditor must demonstrate the capacity to adapt to evolving EU and national regulatory frameworks, including but not limited to cybersecurity, data protection, and energy sector governance, as defined by current and future mandates from ENTSO-E, ACER, and other relevant authorities.