Introduction

The Department of Parliamentary services is seeking to engage a qualified cyber security supplier to enhance our cyber security posture. The selected supplier will be responsible for identifying vulnerabilities, assessing compliance, and providing recommendations for improvements across various aspects of our cyber security program.

Objectives

The primary objectives of this procurement are to:

• Identify and report on cyber security exposures in our architecture, compliance, and configuration, with recommendations for improvements.
• Assess and report on our compliance with the Essential 8, providing recommendations to enhance our governance, risk, and compliance processes.
• Review, assess, and provide recommendations on the suitability of our current systems and data capture mechanisms in support of cyber, HR and law enforcement investigations and discovery.

Scope of the Work

The scope of work for the selected supplier will include, but is not limited to, the following tasks:

1. Cyber Risk Exposure Assessment

• Conduct a comprehensive assessment of our current cyber security architecture, compliance, and configuration.
• Identify areas of exposure and vulnerabilities.
• Provide a detailed report with recommendations for mitigating identifies risks and improving overall security posture.

2. GRC & Essential 8 Compliance Assessment

• Evaluate the department’s current compliance with the Essential 8 cyber security mitigations.
• Evaluate the department’s governance, risk and compliance processes and documentation.
• Identify gaps and areas for improvement.
• Produce a report with actionable recommendations to enhance our governance, risk, and compliance processes.

3. Cyber Investigation Readiness Review

• Review and access the suitability of current systems and data capture mechanisms against best practice for supporting cyber, HR and law enforcement investigations and discovery.
• Produce a report with recommendations for improvements to ensure effective and efficient cyber investigation capabilities.

Deliverables

The selected supplier will be required to deliver the following no later than 29 August 2025:

• A comprehensive report on cyber security exposures with recommendations.
• An assessment report on GRC and Essential 8 compliance with recommendations for improvements.
• A review report on the suitability of current systems and data capture mechanisms with recommendations.

Evaluation Criteria

Proposals will be evaluated based on the following criteria

a. Demonstrated experience and expertise in cyber security assessment and compliance for Government entities

b. Demonstrated experience and understanding of the Information Security Manual and Essential 8 cyber security mitigations

c. Quality and feasibility of the proposed approach and methodology (i.e. how the work will be completed)

d. Value for money

e. References

Submission Requirements

Suppliers are required to submit the following

• A detailed proposal outlining their approach to the scope of work
• A baseline scheduled for completing the tasks
• A cost estimate for the Services
• At least one reference

Estimated start date: Monday, 23 June 2025

Initial contract duration: 3 Months

Extension term: Not applicable

Location of work: ACT

Working arrangements: Onsite