Tax office ditches ad-hoc security approach

In line with its AU$312 million Change Program, the ATO is seeking quotations for the provision of consultancy services and expertise in assessing its IT security architecture, with the contract scheduled to start on 25 October.

The ATO said that its ICT security architecture and design has been an "ongoing and evolutionary development" and that security development has previously been undertaken on an ad-hoc basis.

However, recent security initiatives focused on specific target areas, such as Internet Security Framework (ISF), Business Authentication Framework (BAF), Access Control Enhancement (ACM) projects, and Secure ATO Firewall Environment Redevelopment (SAFER), have pushed the ATO to deliver a more holistic approach to its security.

"Now, in order to move into the future with confidence in the security of its systems, the [ATO] needs to adopt a holistic approach to its systems security, instead of the previous siloed approach. The [ATO] requires a fully integrated security architecture, in line with world's best practice," the ATO said.

The [ATO] is seeking consultants to undertake a comprehensive review to assess the current Security Technology Architecture for the ATO in the context of the security requirements identified to date.

The ATO said that with the security review, they aim to "develop an enterprise view of the security architecture that facilitates the combined Change Program and Business As Usual requirements".

The outcome from this consultancy, which will be based in Canberra, will assist the ATO to "determine the scope of future security architecture development initiatives".

The preferred tenderer is expected to assist the ATO in its investigation and identification of opportunities to leverage the existing security architecture better, with enhancements in usability, simplification, manageability, cost effectiveness and improved performance aspects.

The preferred tenderer will also be expected to satisfy user requirements for an improved security architecture including users within the tax office and in the client community and develop a transition strategy to a new security architecture that can be the template for future security initiatives.

The ATO said they will carefully consider situations in the future if the preferred tenderer decides to tender for any future work that may result in relation to the ATO security architecture.

"This is an issue that will need to be carefully managed by the ATO during the evaluation and any resultant contract. As a guide only however, the ATO will not preclude any supplier from bidding for any further tender based on some parameters," the ATO said.

The ATO previously sought for tenderers for the provision of telephone and Internet bill payment services which enables taxpayers to pay their tax and child support bills by telephone or the Internet.