Procurement Process Steps
1. Risk Assessment
The first step is to undertake an internal risk assessment taking into consideration:
- Your department/agency’s risk profile. For guidance refer to the Protective Security Policy Framework (PSPF)-Policy 15: Physical security for entity resources.
- The sensitivity level or classification of the data to be hosted. For guidance refer to the Protective Security Policy Framework (PSPF)-Policy 9: Sensitive and classified information and Policy 11: Robust ICT Systems.
2. Service Provider Type
Now you have determined your requirement for a Certified Service Provider, you should consider the benefits of each Certification level and choose the level that best meets your risk assessment.
3. Explore list of Certified Service Providers
Explore the list of Certified Service Providers to discover the services that best suit your needs.
4. How to procure introduction
Now you have determined the level of Certification required, and reviewed the list of Certified Service Providers, you can procure services through BuyICT.
Contact certifications@dta.gov.au to ensure you have the latest contract and/or agreement clauses.