The Department of the House of Representatives (DHR) is located at Parliament House, Canberra. Its purpose is to:

• support the House of Representatives, and the wider Parliament, in the role of a representative and legislative body primarily by providing advice and services, and through engaging with the community and other parliaments.

The majority of ICT services used by DHR are provided by the Department of Parliamentary Services (DPS). This includes applications development and support, as well as cyber security. DHR has several separate SaaS ERP systems for financial and HR information (Tech1, Aurion and Expense8). These systems are integrated with the parliamentary computing network (e.g. SSO) but are not within DPS' direct oversight.

A recent ERP boundary review of these systems identified gaps in documentation and/or outdated security documentation.

DHR is therefore seeking services on a Time and Materials basis to review and update the security documentation for these ERP systems. This includes, but may not be limited to, high-level design documents, system security plans and incident response plans. These documents should align with the following policies and standards:

• Australian Government Information Security Manual (ISM)
• Australian Government Protective Security Policy Framework (PSPF)
• AS/NZS ISO 31000:2018

As the SaaS ERP systems are integrated with the parliamentary computing network managed by DPS, DHR intends to ensure the documentation also aligns with the DPS Security Accreditation Framework and DPS Security Accreditation Handbook. These documents will be provided to the successful vendor on commencement.

After engagement and in conjunction with DHR, the successful vendor will develop a project plan for reviewing and updating the ERP system documentation.

Any personnel provided for this work must have a current NV1 security clearance as a minimum.