The services of a suitably qualified and experience vendor(s) are required to undertake security testing activities across the portfolio of projects to help understand security vulnerabilities, risks and/or issues, and where appropriate recommend actions to remediate vulnerabilities and mitigate any risks and issues. The NDIA is undertaking a number of projects involving development of critical business systems as well as a cloud-based desktop environment. The NDIA is seeking a business partner(s) with the flexibility and capability to provide security testing services as and when project needs arise.

The successful vendor will provide a mix of vulnerability assessments, penetration teste and code reviews. The mix of services and detail required will vary with NDIA needs.

The NDIA seeks a twelve-month arrangement, with two one-year extensions, by which project teams can call upon the selected seller to as part of blended project team.

The purpose of this market approach is to agree a rate card (based on experience & expertise of the resources) and a delivery approach with one or more vendors for the provision of vulnerability assessments and penetration testing services as required.

The work can be performed offsite, anywhere in Australia; however occasional face-to-face meetings will be required. These meetings will all take place in the ACT.