WGEA Information Security Registered Assessors Program Review

The Agency is seeking to have an updated view of operational security and governance across the WGEA Gender Equality Reporting Portal. Significant operational and technical changes have been undertaken since the last IRAP review was carried out. The Agency now wishes to review operational security in line with recent security enhancements and the changing cyber security landscape. To facilitate this, a further IRAP review and production of a comprehensive IRAP Review and Recommendations Report is required. The key deliverables are listed below:

Review all existing relevant governance documents, policies and systems to gain an understanding of the Agency’s security practices and operational processes:

1. Determine compliance with the IRAP framework.
2. Assess security processes to determine gaps, risks, and areas of improvement.
3. Assess security governance to determine gaps, risks, and areas of improvement.
4. Elicit future requirements and develop recommendations to enable remediation of any gaps identified.
5. Organise and facilitate discussions, meetings and focus groups as necessary.
6. Develop a recommended program of remediation work through:
7. Review of recommendations provided in current state assessment.
8. Alignment with the Agency’s broader privacy and security frameworks in operation.

Final Deliverable / Outcome:

• Provide an evidence based current state assessment, detailing findings of the review against the common control objects relevant to the Agency’s Gender Equality Reporting Portal.
• Provide recommendations for improvements in policies, practices and procedures detailing a practical, actionable security framework against requirements.

Suppliers are able to access WGEA’s website at: https://www.wgea.gov.au/.