Topics: IT Services; Cloud; Cybersecurity; Fed.
The Department of Finance has begun ramping up support for the Whole-of-Government (WofG) web hosting and content management service govCMS by offering federal, state and territory agencies an improved range of Drupal development and cybersecurity services.
After announcing a panel arrangement to simplify contract management arrangements with service providers and reduce the cost of developing and implementing govCMS solutions in October 2016, Finance issued a Request for Tender (RFT) for a govCMS Drupal Services Panel in late December 2016.
The panel aims to lighten Finance’s workload, as well as help agencies access new features of govCMS, by allowing “agencies to procure support to manage their Drupal-based websites, and improve support to entities moving to govCMS”, states tender documents.
“Currently, Finance is performing the roles of technical advisor and coordinator for entities moving to govCMS”.
The services to be offered by suppliers will fall under two categories:
- General Drupal Services, including: Solution design and technical architecture advisory services; Drupal application programming services; build and migration services; integration services; and
- Fixed Price Drupal Services, including: Website re-hosting and installation services; content migration and consolidation services; site audits and technical review services; and on-going technical support services.
Suppliers will be required to provide all services under the General Drupal Services category, and may choose to provide some or all of the services under the Fixed Price Drupal Services category.
Finance has also reinforced the security of govCMS websites. It recently approached the market for Content Distribution Network (CDN) services, Web Application Firewall services and Distributed Denial of Service (DDoS) protection services to be up and running from late April 2017.
“Collectively the services are intended to protect against as many types of attack as possible and ensure the protected web sites remain available and responsive at all time”, tender documents state.
The chosen supplier will need to automatically detect and respond to DDoS attacks, alert and report DDoS attacks to Finance, and provide Finance with advanced warning of events, such as G20 meetings, that could be attacked.
The required capacity of the service is 50 individual websites and up to 100 million hits a month.
Suppliers responding to the tender will be required to indicate the physical location of the data centres hosting the cybersecurity services, as well as state if the services are listed on the Australian Signals Directorate Certified Cloud Service List or are undergoing certification.
There are now more than double the number of live govCMS websites than there were at the start of 2016 (51 in February 2016 versus 119 in January 2017), and there are a further 18 currently in the pipeline. The number of agencies using the platform also increased from 30 to 52 during this time.
The majority of the 137 live or in development sites are now based on the Platform-as-a-Service govCMS offering, a feature which has only been available since December 2015.
The adoption of the platform progressed rapidly since it was announced as the technology solution that would sit behind the Digital Transformation Agency’s single government website GOV.AU. However, after failing to meet its August 2016 deadline, it has recently come to light that GOV.AU will not go ahead in its original form.
As reported by the Canberra Times, the Assistant Minister for Cities and Digital Transformation Angus Taylor made the decision not to proceed with the proposed approach for the GOV.AU project in late 2016 favouring a “more distributed model”. GOV.AU will now be transformed into a broader channel strategy.
govCMS continues to be supported by the Acquia Cloud Site Factory platform, which is hosted on Acquia Cloud Enterprise infrastructure within the Amazon Web Services cloud environment.
Submissions to the govCMS Drupal Services Panel RFT will close 3 February, and the DDoS protection RFT will close 21 February.