Research & Innovation - Participant Portal


TOPIC : Risk management and assurance models

Topic identifier: DS-06-2014
Publication date: 11 December 2013

Types of action: IA Innovation action
Opening date:
11 December 2013
Deadline: 28 August 2014 17:00:00

Time Zone : (Brussels time)
  Horizon 2020
Topic Description

Specific challenge: The ability to assess, manage, reduce, mitigate and accept risk is paramount for an effective protections against cybersecurity threats and incidents. The dependence of networks and information systems, that are essential for the functioning of our societies and economies (including Critical Infrastructures), on public communication networks and off-the-shelf components is an additional risk. However, in the area of cybersecurity, recent developments and trends render traditional (i.e. static and iterative) risk management methodologies ineffective and rapidly obsolete.

There are however no generally accepted best practices guidelines for risk management, nor a consensus on the minimal requirements for the market actors concerned, neither at a sectorial, nor at cross-sector level. For this reason, the NIS* public-private platform (Network Information Security Platform) will seek to identify best practices on risk management, including information assurance, risks metrics and awareness raising.

Scope: The proposals should implement a pilot to demonstrate the viability and scalability of state-of-the-art risk management frameworks. The risk management framework will have to encompass methods to assess and mitigate the risks in real time. Work should include a socio-economic assessment to evaluate the cost-benefit of implementing the framework. The framework should be dynamic, continuously adapted to new ways of managing risk to keep up with the ever evolving threat and vulnerability landscape. New ways of dealing with the security risk resulting from on-demand composition of services and massive interconnectivity should be developed.

The work on risk management frameworks can be complemented with the development of tools to evaluate the risks and its impact on business, tools for preventive assessment of risk and trustworthiness of customers and providers, tools providing a simple view and understanding of a complex system, and tools to detect social engineering attacks. Where necessary risk management can include ICT supply chain security.

Current assurance models and the resulting control and audit frameworks should be revisited. The applicability of the methods to the calculation of insurance premiums should also be investigated.

The selected pilots will have to engage with the NIS platform, contribute to its objectives and take due consideration of its recommendations.

The Commission considers that proposals requesting a contribution from the EU of between €2m and €5m EURO  would allow this topic to be addressed appropriately. Nonetheless, this does not preclude submission and selection of proposals requesting other amounts.

Proposals have to address the specific needs of the end-user, private and public security end user alike. Proposals are encouraged to include public security end-users and/or private end users.

Expected impact:

A risk management framework has to be put in place allowing the comprehensive comparison between sector specific or national approaches, and providing an assessment on the residual risk. The framework will facilitate the implementation of legal obligations on risk management, identify gaps in existing legislation, while remaining adaptive to possible changes in the legal frameworks.

Type of action: Innovation actions

The conditions related to this topic are provided at the end of this call and in the General Annexes.

*JOIN (2013)1

Topic conditions and documents

Please read carefully all provisions below before the preparation of your application.

To see the budget earmarked for this topic, please look at the call budget distribution table by topic.

  1. List of countries and applicable rules for funding: described in part A of the General Annexes of the General Work Programme.
  2. Eligibility and admissibility conditions: described in part B and C of the General Annexes of the General Work Programme 
  3. Evaluation

    3.1  Evaluation criteria and procedure, scoring and threshold: described in part H of the General Annexes of the General Work Programme

    3.2 Guide to the submission and evaluation process
  4. Proposal page limits and layout: Please refer to Part B of the standard proposal template.
  5. Indicative timetable for evaluation and grant agreement:
    Information on the outcome of one-stage evaluation: maximum 5 months from the final date for submission.
    Signature of grant agreements: maximum 3 months from the date of informing successful applicants.
  6. Provisions, proposal templates and evaluation forms for the type(s) of action(s) under this topic:

    Innovation Action:

    Specific provisions and funding rates
    Standard proposal template (administrative forms and structure of technical annex)
    Standard evaluation form
    Annotated Model Grant Agreement
  7. Additional provisions:

    Horizon 2020 budget flexibility

    Classified information

  8. Open access must be granted to all scientific publications resulting from Horizon 2020 actions, and proposals must refer to measures envisaged. Where relevant, proposals should also provide information on how the participants will manage the research data generated and/or collected during the project, such as details on what types of data the project will generate, whether and how this data will be exploited or made accessible for verification and re-use, and how it will be curated and preserved.


Additional documents

  • Flash Call Info en
  • Legal basis - Specific Programme H2020 en
  • WP H2020 - 1. Introduction en
  • WP H2020 - 14. Secure societies - protecting freedom and security of Europe and its citizens en
  • WP H2020 - 17. Communication and Dissemination en
  • Budget Table en
  • A guide to ICT-related activities in WP2014-15 en

Submission Service

No submission system is open for this topic.

Get support

National Contact Points (NCP) – contact your NCP for further assistance.

Enterprise Europe Network – contact your EEN national contact point for advice to businesses with special focus on SMEs. The support includes guidance on the EU research funding.

B2Match networking platform with project ideas and participant profiles following the networking event in ICT 2013 in Vilnius

Ideal-IST partner search facility

Research Enquiry Service – ask questions about any aspect of European research in general and the EU Research Framework Programmes in particular.

IT Helpdesk – contact the Participant Portal IT helpdesk for questions such as forgotten passwords, access rights and roles, technical aspects of submission of proposals, etc.

Ethics – to ensure compliance with ethical issues, further information is available on the Participant Portal and on the Science and Society Portal.

European IPR Helpdesk assists you on intellectual property issues.

The European Charter for Researchers and the Code of Conduct for their recruitment

CEN and CENELEC, the European Standards Organisations, advise you how to tackle standardisation in your project proposal. Contact CEN-CENELEC Research Helpdesk at

Partner Search Services helps you find a partner organisation for your proposal.

H2020 Online Manual your online guide on the procedures from proposal submission to managing your grant.