Closed

Security Assessment of Science Digital's Sciansa Platform

Tender ID: 617307


Tender Details

Organisation:
Tender #:
PCS-04168  
Status:
Closed
Publish Date:
17 June 2026
Closing Date:
25 June 2026
Closing Time:
11:59 PM (Australia/ACT)

Tender Description

This Tender is invited by the Issuer.

⁠⁠⁠Assess the security and data-privacy posture of the Sciansa AI-powered research platform hosted on Google Cloud Platform (GCP), identify gaps against high-impact compliance frameworks, and deliver a prioritised roadmap to achieve and maintain certification.

Scope of Assessment

GCP Infrastructure & Configuration: IAM, VPC, Cloud KMS, Secret Manager, GKE cluster hardening (CIS Benchmark), Cloud Armor WAF, Audit Logs, Security Command Center, backup/DR (RTO/RPO validation), multi-zonal HA configuration.

Application & API Security: Platform API surfaces, authentication and authorisation controls, RBAC implementation, TLS enforcement, secrets handling (no hardcoded keys), container image scanning and supply-chain integrity.

Data Security & Privacy Controls: AES-256 encryption at rest, TLS in transit, data classification, provenance and audit-trail integrity, access controls for sensitive research data, data retention and minimisation.

Penetration Testing: External attack surface (internet-facing endpoints), internal lateral movement (GKE pod-to-pod), API security (OWASP API Top 10), AI/LLM-specific vectors (prompt injection, agent hijacking). Retest of critical/high findings post-remediation.

Vulnerability & Patch Management: Existing vulnerability scanning cadence, patch SLA adherence, dependency risk (SCA), container base-image provenance.



Similar Tenders

Active opportunities matching this tender's categories and regions.