The initially requested set of expertise areas are: Risk management, assessment and assurance; security governance, architecture and design; security consulting and review; certification and assurance; source code and application review; network and application security testing; and computer forensics, investigation and security incident response.

Provision of such services in a coordinated way through a panel should help achieve some of the "key elements to lifting information security and privacy practices and standards across the public sector", DIA says. These key elements include: "Implementing security and privacy practices as an integral part of an agency's overall risk management activity; setting expectations on the standards required for information security and privacy that are effective, achievable and enduring in the short term; and providing assistance and monitoring performance in lifting standards as appropriate and needed."

The sourcing of security services is classed as a "common capability ICT (CC-ICT) procurement". This means DIA will enter into an agreement with the chosen members of the panel. "Eligible agencies can then sign up to a Security Services Subscription Agreement with the service provider(s) to purchase services made available under the CC-ICT Agreement(s)."

The panel's services will be available to a large group of agencies including public service departments, Crown entities, state-owned enterprises. the NZ Defence Force, the Police, the SIS, the Clerk of the House of Representatives and the Parliamentary Service, as well as local authorities.

Previous Page  1  2