In an era where digital resilience is essential for public sector operations, one regional council in New South Wales found itself exposed. With no adequate IT infrastructure or cybersecurity systems in place, the council faced increasing risks, from data breaches to operational disruptions. Through a structured and collaborative procurement process, the council turned this vulnerability into an opportunity for transformation.
The Challenge: A Digital Deficit
The council, serving a population of just under 2,000, had historically relied on IT companies that provided support services, with day-to-day IT often managed by internal staff with limited technical expertise. There were no formal cybersecurity protocols, no endpoint protection, and no disaster recovery plan. As cyber threats became more sophisticated and compliance requirements increased, the council recognised an urgent need to modernise.
The Turning Point: Risk Assessment and Stakeholder Engagement
The journey began with a comprehensive risk assessment that highlighted critical vulnerabilities in data handling, system access and network security. This assessment was presented to the executive team, who quickly endorsed the need for investment.
A cross-functional working group was formed with representatives from finance, governance and community services. Their goal was to define the scope of IT and cybersecurity needs and develop a procurement strategy that aligned with the council’s budget and long-term objectives.
The Procurement Process: From Scope to IT & Cybersecurity Managed Service Provider
LGP’s Strategic Procurement Solutions (SPS) was engaged to facilitate the procurement process. An IT and Cybersecurity Subject Matter Expert supported the project to provide technical advice and ensure the council’s needs were well understood. The objective was to identify and appoint a suitable IT and Cybersecurity Managed Service Provider.
The process followed a structured approach:
-
Needs Analysis
Reviewed the council’s existing IT infrastructure and identified core needs such as servers, cloud services, endpoint protection, backup systems, firewalls, monitoring, cybersecurity awareness training and incident-response capability. -
Market Engagement
Issued a Request for Information (RFI) through LGP’s IT&C Products, Services and Consulting Contract (LGP115-2) to gauge interest from approved contractors. -
Document Development
Developed a Request for Quote (RFQ) with clear evaluation criteria, including local government experience, customer service, technical capability and ongoing support. -
Evaluation and Award
A panel, including the IT and Cybersecurity SME, assessed submissions and selected a Managed Service Provider with a proven track record supporting regional councils.
The Outcome: A Resilient, Future-Ready Council
Within six months, the council had implemented a secure cloud-based IT environment, introduced multi-factor authentication, and rolled out a cybersecurity awareness program for staff. A managed services agreement now provides 24/7 monitoring and support, while regular audits and penetration testing have been integrated into the council’s governance framework.
Lessons Learned
-
Early stakeholder engagement ensured buy-in across departments.
-
Clear procurement documentation attracted high-quality contractors.
-
Strong supplier relationships are essential for ongoing digital resilience.
Looking Ahead
This council’s journey demonstrates how even the most digitally underprepared organisations can make significant strides with the right procurement strategy. The council now meets cybersecurity compliance standards and serves as an example for other regional bodies facing similar challenges.
If your council needs support in finding an IT and Cybersecurity Managed Service Provider, please contact us.
Contact details:
Mihaela Stancu: [email protected]
SPS Team: [email protected]
Mobile: 0457 534 896