Verizon’s contract to provide Australia’s Department of Human Services with a secure email service is “nearing its termination date” and the Department is therefore seeking a replacement service.
In a tender issued over the weekend, the Department says its ideal system will “ ... enable the transfer of Email data (including email attachments) over public networks in a secure manner,” and that it prefers “a system that receives secure email traffic and immediately forwards it over a secure channel to be stored on DHS messaging systems.”
The tender goes on to say that the system must also:
- “provide data integrity and security while being transmitted over public networks (such as the internet);
- be compatible with relevant email standards for interoperability with DHS customers, Portfolio Agencies and other Government Departments;
- allow self-service (or automated) reporting on user registration and message volume trends;
- include intrusion detection and monitoring; and
- include virus detection and removal;
but must not significantly alter “accepted” end user email operations. For the sake of clarity, end users that are currently familiar with the use of Email technology should be able to use the proposed system with no training. Documentation for the use of the proposed system by end users will be an expected deliverable of the solution.”
While the tender does not describe the kind of material it wishes to secure, it does state that the emails travel “... between itself, its customers and other bodies.”
Around 2000 users are expected to use the system once it is commissioned.
Other criteria a successful tenderer must meet include:
- include certification of the Solution Design by DSD pre implementation and final certification by of the solution by DSD post implementation;
- include certification of the facility for the hosting and storage of Australian Government data classified to the PROTECTED level by ASIO T4; and
- be appropriate for use with PROTECTED data in anticipation of IN-CONFIDENCE data traversing the system. (Reference: Protective Security Manual 2000, Part C, paragraph 7.122: “Government Approved Equipment must be used for RESTRICTED and non-national security information”.)
24/7 support and 98% uptime are mandatory, while the Department also hopes it can secure “automated, self-service, end-user registration, automated account clean-up policy and processes and ... system design that alleviates the requirement for local storage of message traffic.”