The Department of Health and Aged Care has issued a tender seeking a registered Microsoft Solution Partner to remediate security and operational gaps in its Azure Platform.
This follows a recent assessment that identified critical vulnerabilities.
In October 2024, the department named a new cyber security chief, Services Australia's David Lang.
At the time, the department said assistant secretary Lang will continue to roll out an ongoing cybersecurity uplift program.
The tender focuses on rebuilding the department's Azure landing zone to meet stringent security requirements, with special emphasis on the Security Sensitive Biological Application (SSBA), which must be migrated from legacy infrastructure within a tight timeframe.
Central to the project is the development of Infrastructure as Code solutions using Terraform or Bicep that comply with Information Security Manual (ISM), Information Security Registered Assessors Program (IRAP), and Essential 8 cybersecurity requirements.
The work will unfold in two distinct phases, with the initial planning and design phase scheduled to run from May to July 2025, followed by implementation from July to December 2025.
During the first phase, the selected partner will be required to develop a comprehensive delivery plan for building out the application landing zone and transitioning the SSBA application to Azure.
This will include creating a target state architecture design that addresses platform and application requirements while ensuring compliance with the Protective Security Policy Framework and other relevant security standards.
The second phase will focus on implementation, with activities including development of delivery sprints, deployment of the pre-approved Infrastructure as Code solution, configuration of required Azure components, and completion of testing and migration activities.
To deliver these requirements, the department anticipates needing a team consisting of one principal consultant and two senior Azure DevOps engineers for the implementation phase.
The tender also outlines a future phase to assess 10-15 additional applications and provide a modernisation strategy for legacy platforms including Oracle, WebSphere and ColdFusion.
Estimated start date for the work is May 12 this year, with the contract term being eight months initially, with the work scheduled for ACT.
A 12 month extension term may be available.
Closing date for the tender is Monday 14 April, 11:59 pm Canberra time.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
