Closed

Protective Security Policy Framework (PSPF) Gap Analysis and Remediation Planning

Tender ID: 607125

Tender Details

Organisation:
Austroads Ltd
Tender #:
DTS6677  
Status:
Closed
Publish Date:
27 February 2026
Closing Date:
26 March 2026
Closing Time:
11:00 AM (Australia/NSW)

Tender Description

Purpose:

Austroads seeks responses from appropriately experienced service providers to undertake a comprehensive Australian Government Protective Security Policy Framework (PSPF) gap analysis and remediation planning engagement for the National Exchange of Vehicle and Driver Information System (NEVDIS).

This Request for Tender (RFT) invites suitably qualified vendors to assess the current state of NEVDIS security policies, controls and organisational capability against PSPF requirements and to provide a prioritised remediation roadmap and sustainable operating model for ongoing compliance.

Deliverables:

D1 - PSPF Gap Analysis Report

•The tenderer shall deliver a comprehensive report detailing the current-state assessment findings against the PSPF, including:

•Executive summary suitable for Board and senior leadership consumption

•Recommended scoping and classification of the system and its data

•Detailed findings mapped to each applicable PSPF policy and supporting ISM control

•Current maturity rating for each control area using an agreed assessment framework

•Evidence base for each finding, including artefacts reviewed, interviews conducted, and technical assessments performed

•Risk rating for each finding or control leveraging Austroads Risk Management policy.

D2 - Recommendations Paper

•The tenderer shall deliver prioritised recommendations paper addressing all identified gaps. This paper shall:

•Categorise gaps by severity (critical, high, medium, low) and by domain (technology control vs. organizational / governance)

•Provide specific, actionable recommendations for each identified gap

•Include estimated effort, complexity, and indicative cost ranges for remediation activities

•Propose a phased remediation roadmap with logical sequencing and dependency mapping

•Identify quick wins that can be implemented within 90 days alongside longer-term structural improvements

•Address interdependencies between technology control remediation and organisational capability development

•D3 - Resourcing Plan – Hybrid Operating Model

The tenderer shall deliver a detailed resourcing plan for the ongoing operationalisation of PSPF compliance, recommending a hybrid model. This plan shall:

•Suggest a target-state Information Security organisational structure to support NEVDIS

•Suggest a hybrid contract vs permanent staff approach, which roles should be filled by internal Austroads staff (for knowledge retention, strategic continuity, and institutional context) and which are suited to vendor provision (for specialist skills, scalability, and cost-efficiency)

•Include role descriptions, indicative FTE requirements, and capability profiles for each position

•Define the vendor engagement model, including scope of managed services, service level expectations, and governance arrangements

•Provide indicative annual operating costs for the hybrid model across a three-year horizon

•Include a transition plan for standing up the hybrid model, accounting for recruitment lead times and vendor onboarding

Address knowledge transfer requirements and mechanisms to prevent vendor lock-in

D4 - Executive Presentation

• A presentation summarising findings, recommendations and plan to achieve compliance.

Also included as part of this tender are the following documents:

• Master Services Agreement outlining our Terms and Conditions.

All submissions that are research project based must adhere to the Austroads style requirements and the Australian Government Style Manual

Summary of Austroads Publication Requirements for Research Reports:

Consultants engaged to deliver research reports for Austroads are required to use a standard report template designed to ensure clarity, consistency, and accessibility across all published outputs. While the full template will be provided upon contract commencement, the following outlines the key requirements tenderers should be aware of:

General Formatting and Style

• Reports must follow the Australian Government Style Manual, particularly in relation to:

  • Inclusive and accessible language
  • Grammar, punctuation, and capitalisation (e.g. sentence case for most headings)
  • Referencing and attribution

• Use pre-defined Austroads styles for all headings, body text, tables, figures, and captions. Manual formatting (e.g. changing fonts or colours directly) is not permitted.

• The Table of Contents must be auto-generated and kept updated.

• The report should be:

  • Logically structured: Each section must contribute to the report's purpose.
  • Consistent: No conflicting information or contradictions.
  • Thorough: All aspects of the agreed scope must be fully addressed and justified.

Content Development Guidelines

• The Summary and Section 1 (Introduction) are mandatory for all reports.

• Reports must include appropriate referencing for external sources, data, and studies.

• Any copyrighted material used must have documented permission and be properly acknowledged.

• A qualified editor must review the report before submission to ensure correct grammar, spelling, and readability.

Figures and Tables

• All figures and tables must:

  • Be sequentially numbered
  • Include a clear caption inserted using the Microsoft Word Insert Caption tool

• Images and diagrams must be clear, relevant, and referred to in the text.

Technical Details

• Specific instructions are included for each section within the template (e.g. expected content, structure, and formatting).

• Reports must avoid "style corruption" often caused by copying and pasting formatted text—authors must verify styles remain consistent with Austroads' format.

• Reports should be reviewed to ensure there is no duplication, ambiguity, or omission of scope elements.

Location

Western Australia   :   Gascoyne   :   Goldfields/Esperance   :   Great Southern   :   Kimberley   :   Mid West   :   Peel   :   Perth Metropolitan   :   Pilbara   :   South West   :   Wheatbelt  
New South Wales   :   Central West   :   Far North Coast   :   Far West   :   Hunter   :   Illawarra   :   Mid North Coast   :   Murray   :   New England   :   Orana   :   Riverina   :   Southern Highlands   :   Sydney  
Queensland   :   Cairns & Far North Queensland   :   Gladstone   :   Mackay Whitsunday Region   :   Mount Isa & North West Region   :   Rockhampton   :   South East Queensland   :   South West & Darling Downs   :   The Central West   :   Townsville   :   Wide Bay Burnett  
Victoria   :   Barwon South West   :   Gippsland   :   Grampians   :   Hume   :   Loddon Mallee   :   Melbourne  
South Australia   :   Adelaide   :   Eyre & Western   :   Far North   :   Fleurieu & Kangaroo Island   :   Limestone Coast   :   Murray & Mallee   :   York & Mid North  
Northern Territory   :   Barkly   :   Big Rivers   :   Central Australia   :   East Arnhem   :   Greater Darwin   :   Top End  
Australian Capital Territory  
Tasmania  

Category

Engineering & Research & Technical Based Services   :   Transport Planning & Traffic Engineering  
Management Advisory Services   :   Management Consulting