Following a Machinery of Government (MOG) change, The Department of the Treasury is looking to engage a Security consultancy to perform a risk assessment on Cloud Services consumed by a recently amalgamated agency and it's public website. The works will include examining access from Treasury endpoints, including laptops and mobile devices. Access from outside the network will also be assessed.

The cloud services consumed are SaaS services - including Adobe XD, Dovetail, Eventbrite, Figma, Github, Github Backup solution, Mailchimp, Maze, Miro, Notion Labs, Notion, Zendesk and Office 365 tenancy controls and Microsoft Teams. The website is hosted on Sitegroundhosting, it's review is also in scope.

These systems have previously never been reviewed by the Department
In scope of works is to perform a single Security Risk Management Plan (SRMP) to cover all the systems mentioned above