Only invited sellers can apply for an 'Open to one' or 'Open to selected' opportunity.

Learn more about Open to selected opportunities.

Sign in to continue

Australian Taxation Office

IRAP Assessment of ATO developed application

Important dates

Opportunity ID
Deadline for asking questions
Friday 3 August 2018 at 6PM (in Canberra)
Closing date for applications
Wednesday 8 August 2018 at 6PM (in Canberra)
Wednesday 1 August 2018


Write a summary of your brief

Certified IRAP Assessor to audit major government initiative - myGovId and Gatekeeper accreditaion.

What is the latest start date?
How long is the contract?

Where can the work take place?
Australian Capital Territory
Who will the specialist work for?
Australian Taxation Office
Budget range

About the work

Why is the work being done?

MyGovID is an ATO in house developed application designed to improve the user experience through increased convenience and flexibility when interacting digitally with Government. It is a credential solution that allows an entity to access whole of government services on any device using their device’s registered passphrase or alternative credential (faceprint / fingerprint) combined with the device ID to authenticate.

The ATO requires an authorised auditor to conduct an audit of compliance on the myGovID system and Gatekeeper. This audit is to be conducted in accordance with the ISM and DTA Gatekeeper framework.

What's the key problem you need to solve?

IRAP Assessment is required to ensure that myGovID system and Gatekeeper Components comply against Trust Framework: Protective Security requirements.

Describe the users and their needs

ATO requires IRAP assessor to indepentantly audit the security controls as per Trust Framework: Protective Security requirement and in accordance with the ISM and DTA Gatekeeper framework.

What work has already been done?

Who will the work be done with?

ATO Infrasctucture Service provider.

ATO teams e.g. Infrastructure Support, IT Security, Application Development, Solution Archtect etc.

Any additional relevant information?

Interstate Travel will be required

In parallel to submitting through the portal, please forward a proposal and relevant CV's to

What phase is the work in?

Work setup

Where will the work take place?

Australian Taxation Office

National Office

21 Genge Street, Civic

Canberra ACT

What are the working arrangements?

On Site for confirming evidence and interviews.

Is security clearance required?


Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate sellers’ technical competence.

Essential skills and experience
  • IRAP Certified
  • Audit in line with ISM, PSPF, DTIF
  • Demonstrated ability to audit IaaS cloud systems
  • Proficient with PKI and gateway accreditation
Nice-to-have skills and experience

How sellers will be evaluated

How many shortlisted sellers will you evaluate?
Proposal criteria
  • Technical solution
  • How the approach meets ATO goal
  • Estimated timeframes for the work
  • Value for money
Cultural fit criteria
Work as a team with our organisation
Payment approach
Capped time and materials
Assessment methods
Written proposal
Evaluation weighting

Technical competence

Cultural fit


Seller questions

Seller questions
Seller question Buyer answer
1. Noting that interstate travel will be required, how many locations will need to be visited for inspections/interviews and where are they? DXC Offices Canberra Eastern Creek & Ultimo in Sydney
2. By when is the assessment to be completed? The proposed time line is based on 6 weeks period from the starting date. 1. Latest start date 20/08/2018 2. Audit to conclude by 28/09/2018 3. Draft Audit report by 05/10/2018 4. Final report by 12/10/2018
3. What cloud components are included in the scope of the assessment? AWS provides IaaS for ATO. Anything not covered under the IaaS banner will need to be included, eg access control, software security, monitoring etc.
4. Noting that the Assessor’s clearance has been specified at NV1, will the assessor need to review classified documents? If so, will these classified documents be made available in a regional ATO office or JCSC office close to the Assessor’s location (e.g. Sydney)? The majority of documentation is UNCLASSIFIED – FOUO. Classified documentation can be viewed at ATO National Office, Canberra.
5. Noting that the payment approach is capped time and materials, how would the ATO like travel expenses to be estimated? The ATO will provide travel, this does not need to be within the quote.

Only invited sellers can apply for an 'Open to one' or 'Open to selected' opportunity.

Learn more about Open to selected opportunities.

Log in to continue