The initially requested expertise areas are: risk management, assessment and assurance; security governance, architecture and design; security consulting and review; certification and assurance; source code and application review; network and application security testing; and computer forensics, investigation and security incident response.
Provision of such services in a coordinated way through a panel should help achieve some of the "key elements to lifting information security and privacy practices and standards across the public sector", DIA says. These key elements include: "Implementing security and privacy practices as an integral part of an agency's overall risk management activity; setting expectations on the standards required for information security and privacy that are effective, achievable and enduring in the short term; and providing assistance and monitoring performance in lifting standards as appropriate and needed."
The sourcing of security services is classed as a "common capability ICT (CC-ICT) procurement". This means DIA will enter into an agreement with the chosen members of the panel. "Eligible agencies can then sign up to a Security Services Subscription Agreement with the service provider(s) to purchase services made available under the CC-ICT Agreement(s)."
The panel's services will be available to a large group of agencies including public service departments, Crown entities, state-owned enterprises, the NZ Defence Force, the Police, the SIS, the Clerk of the House of Representatives and the Parliamentary Service, as well as local authorities.