NSW Dept of Customer Service seeks to establish supplier panel for testing

By on
NSW Dept of Customer Service seeks to establish supplier panel for testing

The New South Wales government wants to establish a panel of prequalified suppliers that can deliver general and specialised testing services, for Department of Customer Service (DCS) programs.

A request for tender (RFT) as been issued, specifying that the services for general testing include:

  • Test management with test planning, environment management, scheduling, and reporting.  
  • Functional testing includes all types of functional testing such as acceptance, regression, system integration, system, API, function, and unit testing, with a preference for automated testing. Vendors will work with developers to integrate test driven development (TDD) practices.  
  • Non functional testing covers performance, reliability, accessibility, usability, and security/penetration testing. Security/penetration testing will be treated as a specialised skillset and service.  
  • Automated regression testing utilising the TOSCA tool, as specified by DCS or as otherwise advised.  
  • Service provision vendors will manage the preparation, execution, and regular reporting for the above services under the guidance of the DCS team.  
  • Modern practices vendors are expected to apply agile methodologies and leverage tools like Gen AI to enhance efficiencies and outcomes.  

TOSCA, or Topology and Orchestration Specification for Cloud Applications is a software testing solution from Tricentis that automates end to end tests for applications.  

For the security and penetration testing specialisation, additional requirements apply:

  • Security test management:  development of security test proposals in alignment with DCS information security policy, web application security assessment guidelines, OWASP, and other industry standards. This includes test planning, scheduling, and reporting.  
  • Security test execution and reporting: ability to conduct a range of security tests (web applications, web services, network, wireless, mobile apps, and configuration reviews) and produce detailed test results. Vendors must suggest, track, and manage remedial actions based on test findings.  
  • Certification and professional standards: vendors are required to show CREST certification or an equivalent professional credential to ensure adherence to industry standards and best practices.  
  • Automated security testing: use of automated security scanning tools to detect, exploit, and document vulnerabilities. Vendors will be expected to integrate these tools as part of a comprehensive security testing strategy.  
  • Security testing methodologies: vendors must adopt and implement recognised security testing methodologies based on DCS project requirements. Flexibility in adopting one or more testing approaches is required.  
  • Penetration testing services: execution of a wide range of penetration tests, including:  
    •   Web application and web services pen testing  
    •   External/internal network penetration testing  
    •   Wireless penetration testing  
    •   Mobile application penetration testing (Apple iOS and Google Android)  
  • Configuration reviews and testing: conduct configuration reviews of critical infrastructure, including firewall and cloud security configurations, as well as vendor SaaS applications. Vendors will perform both configuration reviews and penetration tests against customisable components of SaaS solutions.  
  • Remedial action management: post testing, vendors will manage and track the status of remedial actions, ensuring any vulnerabilities are promptly addressed.  
  • Service provision: vendors will manage the entire security testing lifecycle, from preparation to execution and reporting, ensuring coordination with DCS teams throughout the process.  
  • Modern practices and tools: vendors are expected to apply modern security practices and use advanced security testing tools, with the option to incorporate Gen AI for additional efficiencies in identifying and mitigating vulnerabilities.  

The deadline for the tender is February 17, with an estimated decision date of June 30 this year.

Tenderers may need to be members of the ICT Services Scheme SCM0020 to prequalify to be awarded the contract.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © nextmedia Pty Ltd. All rights reserved.
Tags:
department of customer service nsw government security strategy testing

Partner Content

Ingram Micro Ushers in the Age of Ultra
Ingram Micro Ushers in the Age of Ultra
Channel can help lead customers to boosting workplace wellbeing with professional headsets
Channel can help lead customers to boosting workplace wellbeing with professional headsets
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
Kaseya Dattocon APAC 2024 is Back
Kaseya Dattocon APAC 2024 is Back
Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers

Sponsored Whitepapers

Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
7 Best Practices For Implementing Human Risk Management
2025 State of Machine Identity Security Report
2025 State of Machine Identity Security Report

Events

techpartner.news MSP index - Brisbane
techpartner.news MSP index - Brisbane
techpartner.news Channel Leader List / Golf day
techpartner.news Channel Leader List / Golf day
techpartner.news Pipeline Conference 2025
techpartner.news Pipeline Conference 2025
Integrate Expo 2025
Integrate Expo 2025
Security Exhibition & Conference 2025
Security Exhibition & Conference 2025

Most read articles

AI ambition: Nick Beaugeard looks to harness AI agents to provide tech services

AI ambition: Nick Beaugeard looks to harness AI agents to provide tech services
Vic gov to spend $100m on cyber security

Vic gov to spend $100m on cyber security
MSPs pressed to review ransomware response as new reporting rules commence

MSPs pressed to review ransomware response as new reporting rules commence
Tech Research Asia to present Australian IT M&A report

Tech Research Asia to present Australian IT M&A report

Log in

Email:
Password:
  |  Forgot your password?