GRDC Cyber Security Incident Response Plan (CSIRP) Development

Tender ID: 598424


Tender Details

Tender #: PCS-03063
Status: Closed
Publish Date: 24 October 2025
Closing Date: 7 November 2025
Closing Time: 11:59 PM (Australia/ACT)

Tender Description

This Tender is invited by the Issuer.

GRDC requires the development and implementation of a cybersecurity incident response plan which is tailored effectively for our size, structure, functions and risk profile. The plan must be compliant with ASD’s ISM (i.e. control ISM-0043), and be in line with other better practices and recognised frameworks. The plan will cover the following:

  • guidelines on what constitutes a cybersecurity incident,
  • the structure and organisation of the incident response capability, including a high-level view of how the incident response capability fits into the overall organisation,
  • the resources and management support needed to effectively maintain and mature an incident response capability,
  • the types of cybersecurity incidents likely to be encountered and the expected response to each type,
  • how to report cybersecurity incidents, internally to an organisation and externally to relevant authorities,
  • other parties which need to be informed in the event of a cybersecurity incident,
  • the authority, or authorities, responsible for investigating and responding to cybersecurity incidents,
  • the criteria by which an investigation of a cybersecurity incident would be requested from a law enforcement agency, the Australian Signals Directorate or other relevant authority,
  • the steps necessary to ensure the integrity of evidence relating to a cybersecurity incident, and
  • system contingency measures.

Additionally, GRDC requires the implementation of the plan, culminating in the facilitation of a desktop exercise test to train the key incident response staff. Implementation activities will include:

  • Communications: working with key responsible parties to explain the plan and their duties under the plan.
  • Tools & readiness: evaluating the readiness of GRDC to adopt the plan. This will include ensuring that critical documentation (e.g. plan and communications lists) is available digitally and in hard copy, that incident tracking is appropriate and that communications channels exist, and suggesting any other relevant readiness activities.
  • Exercise: planning and facilitating a cross-team tabletop exercise to walk through at least one likely scenario and response.