IT Security Assessment
Tender ID: 569109
Tender Details
Tender Description
This Tender is invited by the Issuer.
Conduct a cloud security assessment of a Power Platform based web application that includes assessment of associated Network, Azure and M365 controls.
The assessment will deliver the following document suite using the NHMRC supplied format:
- System Security Plan Annex (Cloud Controls Matrix)
- System Security Plan
- Security Risk Management Plan
- Continuous Monitoring Plan
- Incident Response Plan
Evidence gathering is expected to include Design and As-Build Documents, interviews and direct sighting of system configurations (Appropriate access will be provided).
The assessment is expected to take approximately 6-8 weeks (plus 1 week for certification review) when conducted by a suitably qualified or experienced assessor (IRAP Assessor preferred but not essential).
A security clearance at the PROTECTED level is required for all personnel.
For further detail, refer to attached Statement of Requirements.
What are the working arrangements?
Evidence gathering can be conducted at the discretion of the vendor if the assessment is completed within the allowed time. Weekly reporting to the IT Security Advisor (ITSA), the Certification Officer, is required, and an additional week will be allowed for changes after certification review.