The project
The Yoorrook Justice Commission (Yoorrook) is Victoria’s first and only formal truth-telling process into injustices experienced by First Peoples since colonisation.
Established as a Royal Commission under s.5 of the Inquiries Act 2014 by the Governor of Victoria, The Hon. Linda Dessau AC, it follows the resolution of the First People’s Assembly of Victoria and the State of Victoria to establish an independent Truth and Justice Commission as the foundation for new and positive relationships between First Peoples, non-Aboriginal Victorians and the State of Victoria.
In September 2021, Yoorrook undertook an open market procurement seeking a suitably qualified supplier to deliver IT as a Service (ITaaS) to support a high functioning office of around 45 staff with a possible need for it to fluctuate up to 55 staff in peak periods.
Yoorrook’s requirements for this service included:
- Cyber Security Services (ISM- PROTECTED)
The security offering for Yoorrook provided the necessary mechanisms to make sure Yoorrook’s data was protected to an appropriately managed level. The security managed services were built to identify, protect, detect, and respond to security threats and malicious activity across a broad range of areas.
Kapish delivered the technical expertise and security know-how required to keep Yoorrook secure. The offering included CISO as a Service (CISOaaS). CISOaaS brings in experienced leadership, value, and commitment to an organisation’s information security. Opting for CISOaaS provided Yoorrook with access to strategic security frameworks that fit the requirements of your enterprise and the requisite tools to execute and measure the outcome of these frameworks.
The CISOaaS balances challenges and priorities under the ‘four-face’ model, mainly: strategist, advisor, technologist, and guardian.
- STRATEGIST: Drive business and cyber risk strategy alignment, innovate, and instigate transitional change to manage risk through valued investments.
- ADVISOR: Integrate with business to educate, advise, and influence activities with cyber risk implications.
- TECHNOLOGIST: Assess and implement security technologies and standards to build organisational capabilities.
- GUARDIAN: Protect business assets by understanding the threat landscape and managing the effectiveness of the cyber risk program.
Yoorrook’s objective was to select a single supplier that could provide a “one-stop-shop” to establish and maintain a customer focused and scalable solution that delivers the right amount of hardware, software and support and can adapt quickly to meet the requirements of Yoorrook.
Kapish was selected as the preferred supplier, based on Kapish’s unique and innovative “Commission as a Service” offering and previous experience providing secure ISM-PROTECTED managed services.
Yoorrook had a requirement to rapidly establish the core managed services during the initial months of the service. This included a fit out and establishment of services in Yoorrook’s temporary accommodation in Melbourne within 2 weeks of contract execution, followed by a seamless transfer of services to Yoorrook’s long term accommodation in Collingwood. Kapish was able to demonstrate strong capability and a flexible approach in adapting to a fluid set of requirements as the service was being establish.
Yoorrook recently extended the contract with Kapish to September 2025, after which Yoorrook will conclude, following the tabling of the final report.
