Queensland's Croydon Shire Council is looking for both an MSP to deliver whole-of-IT services and a cyber security services provider with the objective to strengthen Council’s cybersecurity posture, ensure compliance with relevant standards and frameworks, and provide strategic leadership in managing information security risks.
Croydon Shire is situated just east of the Gulf of Carpentaria in Far North Queensland, approximately 2,200 kilometres by road from Brisbane.
The successful IT MSP provider will not only deliver on ICT service continuity, but also help to foster a positive relationship that will assist with guiding Council along a continued path toward greater digital maturity.
They must be able to manage a smooth transition in/out services, as well as have scalability and flexibility in delivering services including project and professional services.
The selected provider will be responsible for the management, maintenance, and continual improvement of Council’s ICT environment, including infrastructure, network, end-user support, cybersecurity (in collaboration with cyber security services), and cloud services.
Firewall provision and maintenance is provided by the building owner, but the MSP will be expected to deliver proactive monitoring, responsive technical support, and strategic guidance to enhance performance, mitigate risks, and optimise technology investments.
This arrangement aims to establish a partnership that provides operational stability, improves user experience, strengthens data protection, and ensures alignment of ICT services with business priorities.
Cyber security
The successful cyber security services provider will work closely with the executive team to develop, implement, and oversee a comprehensive cybersecurity program that supports business continuity, resilience, and data protection across all operations.
These services will be provided on a part-time or virtual basis, with the objective being to strengthen Council’s cybersecurity governance, risk management, and strategic oversight functions.
The appointed cyber security services provider will work in collaboration with the IT MSP and internal leadership team to ensure that cybersecurity policies, procedures, and controls are effective, compliant, and aligned with organisational objectives.
This role is intended to complement, rather than duplicate, the operational cyber security services provided by the IT MSP.
Key focus areas include developing and maintaining an enterprise-wide cybersecurity strategy and framework; overseeing risk assessments, incident response, and business continuity planning; and ensuring compliance with relevant legislation, standards, and frameworks.
Providing executive-level reporting, advice, and assurance on information security posture, as well as building a culture of security awareness across Council, will also be required.
This engagement aims to provide Council with independent, expert-level guidance and governance to manage and reduce cyber risks while maintaining strong collaboration with Council’s ICT service partners.
The contract is set to commence from 30 April 2026 and will be a five-year performance-based contract with periodic review points.
There is the option of one two-year extension and one one-year extension.
The tender closes on 9 February 2026 05:00 PM.
.jpg&h=142&w=230&c=1&s=1)
.png&h=142&w=230&c=1&s=1)
_(21).jpg&h=142&w=230&c=1&s=1)
.jpg&w=100&c=1&s=0)
_(8).jpg&w=100&c=1&s=0)
