The Australian Taxation Office has released a request for tender for a secure file sharing solution, in which it seeks experienced providers to deliver technology that will facilitate safe and efficient exchange of files across its networks.
The tender calls for a solution that can handle the complex security requirements of a large federal government agency.
ATO requires a system that allows secure upload and download of files in near real-time between internal and external users, with full encryption of data at rest and in transit.
"A secure file sharing solution is a technology service that allows for the safe and efficient exchange of files over a network, using encryption, authentication, and access restrictions to safeguard data from unauthorised access and breaches during transit," the tender document says.
The solution must be hosted in a secure, sovereign private SaaS (Software as a Service) or on-premises environment to comply with the ATO's data privacy policies and Australian Public Service legislative requirements.
Among the mandatory technical requirements, the system must support files up to 70 gigabytes in size, allow bulk uploads, and provide comprehensive activity logging for all file operations.
Key security features required include the ability to identify and prevent uploads of files classified beyond PROTECTED level, as well as integration with the ATO's workforce identity and access management capability for single sign-on and multi-factor authentication.
The successful provider must also implement features such as a "recycle bin" functionality, access expiry dates for files and guest users, and the ability for administrators to access accounts when the primary account holder is unavailable.
Protection against cyber threats forms a significant part of the requirements, with capability to defend against application-level attacks such as cross-site scripting and SQL injection listed as highly desirable.
The contract will run for an initial period of three years with the option of two one-year extensions, and the tender requires the successful provider to ensure the solution is operational by May 2025.
Deadline for the tender is March 31, 2025.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
