AI solution for discovering, classifying, and providing secure searches across content repositories

⁠⁠⁠Snowy Monaro Regional Council is seeking proposals for a software solution capable of discovering, classifying, governing, and providing secure search capabilities across all organisational content repositories.

The objective of this procurement is to:

• Identify sensitive information (PII and regulated data) across all repositories

• Improve information governance and records management compliance

• Reduce redundant, obsolete, and trivial (ROT) data

• Provide unified search across multiple systems

• Support defensible disposition of records

• Enable improved privacy compliance and FOI response readiness

The platform must operate across existing repositories without requiring migration of files or disruption to staff workflows.

Scope of Work

The selected solution must provide capabilities in the following areas:

• Enterprise content discovery
• Sensitive data detection and classification
• ROT identification and storage optimisation
• Federated enterprise search
• Records governance and defensible disposition
• AI-assisted content classification and analysis
• Compliance monitoring and reporting

The system must operate continuously to maintain an up-to-date inventory of organisational content.

Functional Requirements

3.1 Content Discovery and Inventory

The platform must:

• Scan and index files across multiple repositories

• Provide a complete inventory of files and storage usage

• Identify file types and content distribution

• Provide visibility into duplicate files and redundant storage

• Maintain a continuously updated catalogue of content

The platform must be capable of scanning millions of files across enterprise repositories.

3.2 Repository Integration

The platform must support scanning and indexing of content stored in:

• Windows file shares

• SharePoint Online and SharePoint Server

• Microsoft OneDrive

• Microsoft Teams

• Microsoft Exchange and email archives

• Laserfiche or other ECM platforms

• OpenText or similar content systems

• Additional enterprise repositories

The solution must operate without requiring file migration or repository consolidation.

3.3 Sensitive Data Detection (PII Identification)

The solution must be capable of automatically identifying sensitive data within documents.

Detection capabilities must include:

• Government-issued identification numbers

• Financial account numbers

• Health information

• Personal contact information

• Addresses and telephone numbers

• Named individuals within documents

The system must:

• Continuously scan repositories for sensitive data

• Provide configurable detection rules

• Identify affected individuals within documents

• Display PII concentration and exposure across repositories

This capability supports privacy compliance and breach notification obligations.

3.4 ROT Analysis (Redundant, Obsolete, Trivial Content)

The platform must identify and classify:

• Redundant files (exact duplicates)

• Obsolete records past retention periods

• Trivial or non-record content

The system must:

• Detect duplicates using cryptographic hashing

• Identify near-duplicate documents

• Provide ROT analysis dashboards

• Support removal or remediation workflows

ROT detection must include automated rules for identifying low-value content.

3.5 Records Retention and Defensible Disposition

The platform must support records governance and defensible deletion workflows.

Capabilities must include:

• Identification of records exceeding retention periods

• Filter-based selection of records for disposition

• Pre-disposition review reports

• Multi-step approval workflows

• Reason documentation for each deletion action

• Permanent audit logging of disposition actions

The system must ensure that record disposal is fully documented and legally defensible.

3.6 Federated Enterprise Search

The platform must provide a unified search capability across all repositories.

Search functionality must:

• Search across multiple systems simultaneously

• Respect existing user permissions

• Provide metadata and location details for each file

• Allow filtering by file type, date, repository, and classification

• Support keyword and metadata search

Search results must respect the organisation’s existing access permissions to prevent unauthorised disclosure.

3.7 AI-Assisted Classification and Analysis

The solution should include optional AI capabilities that support:

• Document summarisation

• Natural language document queries

• Automatic tagging and classification

• Identification of document clauses or topics

• Identification of named individuals or entities

All AI processing must be capable of operating within the organisation’s infrastructure or approved Australian data centres to maintain data sovereignty.

3.8 Governance Dashboards and Reporting

The platform must provide governance dashboards displaying:

• Total file counts and storage consumption

• Duplicate data volumes

• ROT distribution

• Sensitive data locations

• Retention compliance status

Dashboards must allow filtering by repository, department, and file type.

The system must provide real-time visibility into content risk exposure.

Security and Compliance Requirements

The platform must support the following security capabilities:

• Integration with Active Directory or Entra ID

• Role-based access control

• Audit logging of all system actions

• Secure authentication mechanisms

• Alignment with NSW Government security and privacy requirements

The solution must ensure that content remains within the organisation’s infrastructure unless explicitly configured otherwise.

Operational Requirements

The system must:

• Support scheduled scanning of repositories

• Continuously classify new content as it is created

• Operate with minimal disruption to staff workflows

• Allow configuration of scanning frequency per repository

The platform must provide a continuous governance model rather than a one-time audit process.

Implementation Requirements

Vendors must provide:

• Installation and configuration services

• Initial repository discovery and scanning

• Configuration of classification rules

• Configuration of retention and disposition policies

• Administrative training

Vendors should also provide guidance on:

• ROT cleanup strategy

• Governance policy alignment

• Records classification frameworks

Vendor Response Requirements

Vendors responding to this RFQ must include:

Description of proposed solution

Compliance with each requirement

Implementation methodology

Deployment architecture

Licensing model

Estimated implementation timeline

Ongoing support model

Government customer references where possible