Security Assessment of Science Digital's Sciansa Platform
Tender ID: 617307
Tender Details
Tender Description
This Tender is invited by the Issuer.
Assess the security and data-privacy posture of the Sciansa AI-powered research platform hosted on Google Cloud Platform (GCP), identify gaps against high-impact compliance frameworks, and deliver a prioritised roadmap to achieve and maintain certification.
Scope of Assessment
GCP Infrastructure & Configuration: IAM, VPC, Cloud KMS, Secret Manager, GKE cluster hardening (CIS Benchmark), Cloud Armor WAF, Audit Logs, Security Command Center, backup/DR (RTO/RPO validation), multi-zonal HA configuration.
Application & API Security: Platform API surfaces, authentication and authorisation controls, RBAC implementation, TLS enforcement, secrets handling (no hardcoded keys), container image scanning and supply-chain integrity.
Data Security & Privacy Controls: AES-256 encryption at rest, TLS in transit, data classification, provenance and audit-trail integrity, access controls for sensitive research data, data retention and minimisation.
Penetration Testing: External attack surface (internet-facing endpoints), internal lateral movement (GKE pod-to-pod), API security (OWASP API Top 10), AI/LLM-specific vectors (prompt injection, agent hijacking). Retest of critical/high findings post-remediation.
Vulnerability & Patch Management: Existing vulnerability scanning cadence, patch SLA adherence, dependency risk (SCA), container base-image provenance.