Closed

ICT Cyber Security Assessor

Tender ID: 568859


Tender Details

Tender #:
DM-25995  
Status:
Closed
Publish Date:
2 October 2024
Closing Date:
17 October 2024

Tender Description

This Tender is invited by the Issuer.

The Agency is seeking to engage a suitably qualified and experienced Seller to undertake a cyber security risk assessment for the Survey.

The purpose of undertaking this assessment is to enable the Agency to obtain an Authority to Operate for the Survey, in accordance with the DEWR External ICT Services Authorisation Policy and Risk Management Framework

Context

The Seller will be briefed on the Agency context and their governance model, approach to risk and overarching compliance requirements at an enterprise and system levels.

The engagement will comprise the assessment of ICT systems and security documentation relating to Roy Morgan’s systems that will be used in the delivery of the Survey. This may include but not be limited to the following documentation and artefacts:

  • Threat Risk Assessments (TRA)
  • Continuous Monitoring Plan (CMP)
  • Disaster Recovery Plan (DRP)
  • Backup Recovery Plan (BRP)
  • System Security Plan (SSP)
  • Security Risk Management Plan (SRMP)
  • Incident Response Plan (IRP)

The Seller will be required to enter a binding Non-Disclosure Agreement with Roy Morgan before being granted access to sensitive and commercial in confidence information.

The Agency recently conducted an internal assessment and issued an Interim Authority to Operate to enable the Dress Rehearsal phase of the Survey to be completed.

The next critical phase of the Survey is the Man Wave which is scheduled to commence in February 2025. Consequently, the Agency requires the assessment to be completed by 29 November 2024 to allow sufficient time for internal approval processes to be undertaken before the Main Wave commences.

The Seller’s nominated resource will need to be available for the entire duration of the project.

Key Deliverables and Acceptance

The Seller will be required to provide the following Key Deliverables.

  • A rigorous ICT cyber security risk assessment that satisfies these requirements;
  • A comprehensive written report prepared in accordance with the Agency’s framework and templates.
  • A completed System Security Plan Annex (SSP-Annex) in the relevant format published on the: Information Security Manual (ISM) | Cyber.gov.au website.

The Agency may accept or reject any recommended deliverables in accordance with the Master Agreement.



Icon
Interested to find more tenders relevant to you and your business? You can try our advanced tender search today.