ServiceNow Instance Penetration Testing
Tender ID: 575419
Tender Details
Tender Description
This Tender is invited by the Issuer.
The Department of Health and Aged Care Digital Transformation & Delivery Division (DTDD) is utilising ServiceNow as a multi-purpose platform, including for labour hire, IT Service Management, infrastructure monitoring (CMDB) and source-to-pay operations. The platform comprises external portals, internal applications and internal server infrastructure.
The Department is seeking to engage a suitable Vendor to conduct penetration testing and configuration review of the Department's ServiceNow instance, integrations and external client portals.
The Department currently utilises the following modules for DTDD:
- IT Service Management
- IT Operations Management
- Integration Hub
- Employee Service Management
- HR Service Delivery
- Software Asset Management
- Procurement
- Security Incident Response
The objective of this engagement is to:
- Identify vulnerabilities or information exposures in the external web applications and portal
- Validate that role-based authentication methods are secure for guest and standard users
- Test for elevation and/or abuse of misconfigurations in the ServiceNow Platform
- Perform configuration reviews of all in scope web applications, portals and system integrations
- Assess effectiveness of security controls in the Platform and integration with Infrastructure
- Validate the security of on-premises Windows virtual machine MID servers.
Estimated start date: Monday, 03 February 2025
Initial contract duration: 3 weeks
Extension term: Not applicable
Location of work: ACT
Working arrangements: Onsite