Cyber Security Testing

Descriptions

The Contracting Authority requires the successful tenderer to 1. Perform twice-yearly manual and automated penetration tests of the Contract Authority’s website https://www.charitiesregulator.ie 2. Perform twice-yearly manual and automated penetration tests of the Contracting Authority’s digital platform customer portal https://portal.charitiesregulator.ie. Tests must be performed from an unauthenticated base (malicious attack) and an authenticated base (access to controlled areas of the application and user privileges) 3. Produce a technical security assessment rating for both assets showing any threat factors and open vulnerabilities 4. Produce a threat factor of the overall risk of the selected assets 5. Present and explain the security assessment report to the Contracting Authority business support team and make recommendations 6. Conduct repeat tests, on request, for high priority vulnerabilities identified when recommendations presented have been implemented Note: Penetration testing of the back office supporting the customer portal is not required and is out of scope for this tender.