1. Information about the opportunity
An opportunity exists to establish a Standing Offer Arrangement (SOA) for the procurement of Vulnerability Assessment Services for the whole of government. Queensland Government needs to understand and improve its preparedness to prevent, detect and respond to the increasing risk of potential cyber-attacks against its services, enabled through ICT and internet facing systems.

1.1 About Procurement Transformation
The way Queensland Government buys and manages goods and services is changing. Underpinned by the Queensland Procurement Policy and the State Procurement Plan 2014-2018, government is transforming procurement into a simpler, more integrated function that is responsive to the changing needs of Queenslanders. The Program is focused on establishing new ways of working that will make it easier for industry to do business with government.

Through strong industry partnerships and innovative procurement practices we can deliver customer-focused, value for money outcomes that will make a real difference to Queenslanders. Visit the Dept. of Housing and Public Works website for more information.

1.2 Summary of opportunity and DSITI objectives
QGCIO CSU wishes to continue the whole of government vulnerability scanning service including the vulnerability assessment of websites and IP address spaces as well as scans conducted inside of Government agencies.

The Queensland Government ‘s preference is for a ‘managed service’ that will provide vulnerability assessment service of Queensland government websites and internet accessible services as well as agency internal networks. These services will be used to develop an improved understanding of current exposures, inform mitigation activities and track progress relative to business risk objectives.

Those with native multi-tenanted solutions are desirable. It would be advantageous for Service Implementers / Solution Partners to demonstrate a track record of successful implementations in similar environments.

DSITI, (Principal), has issued this Invitation to Offer for the following departments and agencies, with the listed objectives and scope:
* All core Queensland Government Agencies and a number of selected Statutory Authorities and/or Government Owner Corporations
* 19 Agencies with approximately 140,000 staff.
* Approximately 3,000 internet facing websites and applications (hosted either by government or external providers).
* Approximately 65,000 internal assets and applications.

This service is expected to differ from typical corporate offerings due to the federated nature of ICT management within Queensland Government. The service is to facilitate appropriate communication with the various system owners (as listed above), as required and maintain an association between owners and their scanned services.

This activity under the Queensland Government Chief Information Office Cyber Security Unit (QGCIO CSU) program is intended to compliment, not replace, whatever security and risk management programs departments and agencies already have in place.