ICT Security and Related Services Panel (SRS Panel)

The Security and Related Services Panel are a group of industry experts contracted to provide government agencies with ICT services and advice on a range of security and privacy practices. The Panel helps government agencies manage privacy and security issues effectively.

Mandated
The Panel is mandated for all Public Service and non-Public Service departments as well as ACC, EQC, HNZC, NZTA, NZTE, NZQA, TEC and the 20 DHBs. Other agencies can opt-in at anytime.
Status Operational

Agency Contact

Department of Internal Affairs Sandeep Dalvi SRS Product Manager +64 4 4620138 sandeep.dalvi@dia.govt.nz

Service Description

Important information

The current ICT Security and Related Services Panel will be expiring on 15 October 2017.

Evaluation of the responses for the SRS Panel request for proposal has been completed, with a view to having the new Panel in place in September 2017. 

This page will be updated accordingly.

Description

The ICT Security and Related Services Panel are an approved cross-government group of 41 industry experts contracted to provide government agencies with ICT services and advice on a range of security and other related matters.

Services available through the panel include

  • risk management, assessment and assurance
  • security governance, architecture and design
  • security consulting and review
  • certification and assurance
  • source code and application review
  • network and application security testing
  • computer forensics, investigation and security incident response.

The Panel is part of an ongoing programme of work to ensure government agencies are continually lifting privacy and security standards as government services are transformed into the digital world. This service was first announced in late 2013. 

This panel largely caters for security requirements relating to ICT. Agency requirements for other types of security – for example, physical, personnel, or intelligence-based – are free to contract outside this panel.

Delivery

Forty-one vendors have been contracted to provide eligible government agencies with seven categories of ICT security and related services. Vendors can provide services in multiple categories.

The agreement with The Department of Internal Affairs (Lead Agency Agreement) permits eligible agencies to enter into separate agreements with any of the vendors in order to purchase the services described in the Agreement.

To take advantage of the all-off-government contract, agencies may only use the vendor for the services for which they have been contracted. If an agency wants to use a vendor for other work, they must conduct a separate purchasing and contracting process for this. 

Benefits

The intention of this Panel is to grow the market and ensure a consistent and cost -effective service is provided to all government agencies.

Roadmap

In order to continually ensure the best advice is available from the best providers, the panel is open. This means the Request for Proposal (RFP) process will be repeated at regular intervals to give new vendors the opportunity to join the panel and existing vendors can apply for additional categories. 

An RFP process was first repeated in mid-2014 and 14 new vendors were added to the panel and three vendors extended their services into other categories.  

A second RFP process was undertaken in late 2015 and 9 new vendors were added to the panel and five vendors extended their services into other categories.

Lead Agency

The Department of Internal Affairs

Adopting the service

Agencies wanting to use the Panel services do not need to undertake a full procurement process. The lead agency has procured the services on behalf of all agencies and has signed a Lead Agency Agreement with all the panel vendors. The main task for an agency is selecting a vendor(s) from the panel that meets their business needs.

Agencies can take advantage of the work done by the Lead Agency by contacting the product manager and following the process below. 

  1. Sign a standard confidentiality agreement so the suppliers’ lists of services and costs can be released.
  2. Select a vendor based on business needs. The Department of Internal Affairs has produced a document that takes agencies through this process and is attached below. This process along with the vendors’ catalogues is called the Secondary Procurement Process.
  3. Sign a Memorandum of Understanding (MoU) with Internal Affairs as Lead Agency. This MoU sets out each party’s rights and obligations.
  4. Sign a Subscription Agreement (SA) with the preferred service provider(s).
  5. Agree a Statement of Work (SoW) with the service provider(s).

The SA along with the terms and conditions, as agreed in the Lead Agency Agreement with Internal Affairs, constitutes the contract to deliver the panel services to agencies.

Lead Agency Agreement summary

  • Open Supplier Panel
  • ICT Common Capabilities
  • The initial contract is for two years, beginning in October 2013

Supplier Information

 

Risk Management, Assessment and Assurance

Security Governance, Architecture and Design

Security Consulting and Review

Certification and Assurance

Accenture NZ Ltd 

Aura Information Security (Kordia Ltd)

Axenic Ltd

Caravel Group Ltd

Certus Solutions Ltd

ComSmart Ltd

Confide Ltd

Computer Science Corporation (NZ) Ltd

Deloitte

Detica

EY (Ernst & Young)

Grant Thornton NZ Ltd

Hewlett-Packard NZ

IBM New Zealand Limited

Aura Information Security (Kordia Ltd)

KPMG

Lateral Security(IT) Service Ltd

Liverton Technology Group Ltd

Prima Solutions

PricewaterhouseCoopers NZ 

Quantum Security Service Ltd

Resultex

RiskIQ Ltd

Security-Assessment

(Dimension Data NZ Ltd)

Starfish

Unisys NZ Ltd 

ZX Security Ltd

Information Integrity Solutions Pty Ltd

InPhySec Ltd

SSS - IT Security Specialists

Datacom Systems (Wellington) Ltd

 

Accenture NZ Ltd 

Aura Information Security (Kordia Ltd)

Axenic Ltd

Caravel Group Ltd

Computer Science Corporation (NZ) Ltd

Datacom Systems

Deloitte

Detica

Easy Software Ltd trading as ESS

EY (Ernst & Young)

Grant Thornton NZ Ltd

IBM New Zealand Ltd

InPhySec Ltd

Johnson Partners Ltd

KPMG

PricewaterhouseCoopers NZ

Quantum Security Services

Resultex

SSS - IT Security Specialists

Security-Assessment.com

Unisys NZ Ltd 

 

Accenture NZ Ltd 

Aura Information Security (Kordia Ltd)

Axenic Ltd

Certus Solutions Ltd

Cogent Ltd

Computer Science Corporation (NZ) Ltd

ComSmart Ltd

Confide Ltd

Datacom Systems

Deloitte

Detica

Easy Software Ltd trading as ESS

EY (Ernst & Young)

Grant Thornton NZ Ltd

Hewlett-Packard NZ

IBM New Zealand Limited

Information Integrity Solutions Pty Ltd

Innocle Ltd

InPhySec Ltd

Intuisec

Johnson Partners Ltd

KPMG

Lateral Security (IT)

Service Ltd

MPA NZ Ltd

Planit Software Testing Ltd

PricewaterhouseCoopers NZ

Quantum Security Service Ltd

Resultex

RiskIQ Ltd

SSS - IT Security Specialists

Security-Assessment.com

(Dimension

Data NZ Ltd)

Sharp Elephant Ltd

UNIFY Solutions NZ Ltd

Unisys NZ Ltd 

 

Aura Information Security (Kordia Ltd)

Axenic Ltd

Central Region’s Technical Advisory Services Ltd (TAS)

Computer Science Corporation (NZ) Ltd

Confide Ltd

Datacom Systems (Wellington) Ltd

Deloitte

Detica

EY (Ernst & Young)

Grant Thornton NZ Ltd

Hewlett-Packard NZ

InPhySec Ltd

KPMG

Lateral Security (IT) Service Ltd

PricewaterhouseCoopers NZ

Quantum Security Service Ltd

Security-Assessment

(Dimension Data NZ

Ltd)

ZX Security Ltd

 

 

Source Code and Application Review

Network and Application Security Testing

Computer Forensics, Investigation and Security Incident Response

Accenture NZ Ltd 

Computer Science Corporation (NZ) Ltd

Deloitte

EY (Ernst & Young)

Grant Thornton NZ Ltd

Hewlett-Packard NZ

Insomnia Security Group Ltd

IntegrationQA Ltd

Aura Information Security (Kordia Ltd)

KPMG

Lateral Security (IT) Service Ltd

Planit Software Testing Ltd

PricewaterhouseCoopers NZ

Quantum Security Service Ltd

Security-Assessment.com

(Dimension Data NZ Ltd)

ZX Security Ltd 

 

Accenture NZ Ltd 

Aura Information Security (Kordia Ltd)

Computer Science Corporation (NZ) Ltd

Datacom Systems

Deloitte

Detica

EY (Ernst & Young)

Fujitsu

Grant Thornton NZ Ltd

Hewlett-Packard NZ

IBM New Zealand Limited

Insomnia Security Group Ltd

Intuisec

InPhySec Ltd

KPMG

Lateral Security (IT) Service Ltd

Planit Software Testing Ltd

PricewaterhouseCoopers NZ

Quantum Security Service Ltd

RiskIQ Ltd

Security-Assessment

(Dimension Data NZ Ltd)

Trustwave

Unisys NZ Ltd 

ZX Security Ltd

 

Computer Science Corporation (NZ) Ltd

Deloitte

Detica

EY (Ernst & Young)

Grant Thornton NZ Ltd

Hewlett-Packard NZ

IBM New Zealand Limited

InPhySec Ltd

KPMG

PPB NZ Limited

PricewaterhouseCoopers NZ

Security-Assessment

(Dimension Data NZ Ltd)

Trustwave

 

Agencies using the service

The service was announced in late 2013. As of May 2016, 50 agencies are actively using the panel.