The SMB Mentor-Protégé Program is a sub-component of the USAID Cybersecurity for Critical Infrastructure in Ukraine Activity and is facilitated by VFI and DAI. The SMB Mentor-Protégé Governance Board is comprised of representatives from USAID, VFI, and DAI and is chartered with management of all SMB Mentor-Protégé Program administrative and operational functions. If any additional parties are invited for SMB Mentor-Protégé Governance Board involvement, all participants will be notified prior to this change.
www.usaid.gov/ukraine
www.vetfi.com
www.dai.com
The SMB Mentor-Protégé Terms of Use and Privacy Policy defines all privacy and information protection provisions including what information is considered confidential, how it shall be protected, and which parties have visibility to that information. As an additional provision, it is highly recommended that a non-disclosure agreement be executed between the Mentor and Protégé prior to any sharing of information. As a condition of the program participation, a Memorandum of Understanding (MOU) must be developed following acceptance of the team into the program. One of the primary purposes of the MOU is to identify the specific types of information that shall be shared between the Mentor and the Protégé during their involvement in the program.
Mentor applicants shall meet the following requirement criteria to be considered eligible for the program:
◦ Applicants shall be originated from a non-Ukrainian home of record
◦ Applicants shall be registered to conduct business in Ukraine
◦ Applicants shall have conducted business within the borders of Ukraine within the last 3 years
◦ Applicants shall be classified as a Medium or Large business according to European Union and/or United States of America business classification standards
◦ Applicants shall have a dedicated Cybersecurity business capability or similarly related Information Technology capability
◦ Applicants shall complete a MP Cybersecurity Maturity Self-Assessment during the application process
Protégé applicants shall meet the following requirement criteria to be considered eligible for the program:
◦ Applicants shall originate from a Ukrainian home of record
◦ Applicants shall be registered to conduct business in Ukraine
◦ Applicants shall have conducted business within the borders of Ukraine within the last 3 years
◦ Applicants shall be classified as a Small or Medium business according to Ukrainian business classification standards. This includes limited liability companies (LLC), Joint Stock Companies (JSC), Branch Offices, Joint Ventures (JV), and Private Entrepreneurs/Sole Proprietors
◦ Applicants shall have a dedicated Cybersecurity business capability or similarly related Information Technology capability
◦ Applicants shall complete two Cybersecurity Maturity Self-Assessment Questionnaires, once during the application process and once prior to graduation from the program
*Exceptions to the eligibility criteria may be granted under special dispensation.
◦ Mentors and Protégés each complete an online application.
◦ Mentors and Proteges are provided a secure link to the online cybersecurity self-assessment questionnaire (CSAQ)
◦ Mentors and Protégés each submit an individual CSAQ
◦ Applications are evaluated for acceptance into the program
◦ Interviews with the Mentor-Protégé team are conducted
◦ The Mentor-Protégé team is initiated into the program
◦ Mentors and Protégés submit a Memorandum of Understanding (MOU)
◦ Mentoring engagements are conducted
◦ Protégés submit quarterly performance reports
◦ Mentor-Protégé teams are graduated or extended
Mentor and Protégé applicants are highly encouraged to identify suitable teaming partners prior to applying to the program. However, pairing assistance is provided by the program for those applicants that do not have a partner pre-selected.
The duration of the Mentor-Protégé team shall be a minimum of 1-year from acceptance into the program. At the end of the 1-year duration, the Mentor-Protégé teams’ performance shall be evaluated by the SMB Mentor-Protégé Governance Board. If the conditions are suitable the team may be authorized to extend the partnership for an additional year.
Mentoring activities that are intended to be conducted will be clearly defined within the Memorandum of Understanding.
Mentoring activities may include but not be limited to the following:
◦ Training Events (in person, online training courses, webinars, etc.)
◦ Technical Assistance (technical support, design, engineering, operations, etc.)
◦ Administrative Assistance (internal business practices, contracts, pricing, proposals, project management, etc.)
◦ Product or Service Demonstrations (hardware, software, firmware, process, etc.)
Participants must remain compliant with the following conditions to remain in good standing with the program:
◦ Remain compliant with the Eligibility Criteria
◦ Remain compliant with the Terms of Use
◦ Submit a SMB Mentor-Protégé MOU
◦ Submit quarterly Performance Reports
Teams may be subject to dismissal from the program should violations of the participation conditions occur.
Determination of suitability for acceptance of Mentors and Protégés into the program is at the sole discretion of the SMB Mentor-Protégé Program Governance Board.
Possible reasons for not being accepted in the program may include but not be limited to the following:
◦ Failure to meet the Eligibility Criteria
◦ Presence of the organization on a Ukraine, US, or EU sanction list
◦ Evidence of criminal activity
◦ Pending legal disputes
◦ Unsuitable affiliations
The CSAQ is an online questionnaire derived from the United States Cybersecurity and Infrastructure Security Agency’s (CISA) Cybersecurity Resilience Review (CRR). Information collected in the CSAQ is considered confidential and will not be provided to any parties outside of the SMB Mentor-Protégé Program staff.
The purpose of the CSAQ is to provide a standardized method for gauging the baseline cybersecurity posture of each organization that shall be participating in the program.
The SMB Mentorship Program CSAQ shall be used to:
◦ Evaluate the Mentor’s ability to provide consistent and reliable guidance
◦ Gauge the Protégé’s baseline cybersecurity maturity
◦ Identify potential cybersecurity related goals for the Mentor-Protégé team
◦ Measure the performance of the team before graduation from program
The MOU is anon-binding agreement between the Mentor and Protégé that outlines the duration, scope, specific goals, planned engagements, how the information will be shared and protected, and authorized points-of-contact. The MOU is can be created using a template provided to the Mentor-Protégé team after acceptance to the program or by using an internal format.
The quarterly performance report is an online form that shall be used to record the performance of the Mentor-Protégé team including milestones achieved in the team lifecycle, engagements with other USAID Cybersecurity for Critical Infrastructure in Ukraine program components, or other relevant interactions occurring between the Mentor and Protege. Protégés will be responsible for submission of this form on a quarterly basis.
Teams that remain compliant with Eligibility Criteria and Participation Conditions shall be graduated from the program at the end of the 1-year lifecycle and provided a USAID endorsed certificate of completion.
.jpg)
Companies participating in SMB Mentor – Protégé program as proteges may be eligible for funding opportunities based on their demonstrated ability to further develop their cybersecurity business.
Pending final funding approval, the USAID Cybersecurity Activity intends to make funding available for the most promising companies through a grant pool of up to $3m. Grants of up to $250k may serve as seed funding to grow companies based on specific needs, business plans, and performance.
