HPC2025-281: Cybersecurity Audit and Risk Services

Description

The purpose of this contract is to provide cybersecurity audit services to health services and the Department of Health

Additional information

The purpose of this panel is to establish a consistent approach to audit and risk assessment across the Victorian health sector based on the Department of Health’s Audit and Risk Assessment Framework.

The objectives are:

(a) to ensure that the responses provided by the participating health services to the department’s cybersecurity assessment are accurate, complete and properly reflects the current operating and controls environment.
(b) to ensure that the participating health services have correctly scoped their application of the assessment correctly.
(c) to report on assessment submission accuracy and any identified variances for the participating health service to re-submit an independently attested assessment.
(d) to provide actionable recommendations for identified variances.

 

Categories

The scope of this tender includes the following categories, which may be subject to change during the tender process:

01: Health Sector Cybersecurity Assessment Audit
02: Health Sector Cybersecurity Control Audit
03: Health Sector Cybersecurity Control Audit (follow up)
04: Health Sector Cybersecurity Risk Assessment