AustraliaOS

Asia-Pacific Telecommunications Vendor Assessment

Subject: Asia-Pacific Telecommunications Vendor (Anonymised)
Summary
High-risk foreign-controlled supplier. Escalation required due to state-linked ownership concentration, foreign legal compulsion exposure, and vendor-retained remote technical control.
Assessment Outcome
Risk level: High
Risk score: 74/100
Confidence: 86
Key Risks
  • State-linked ownership concentration
  • Foreign legal compulsion exposure
  • Vendor-retained remote technical control
  • Offshore software maintenance and update pipeline
  • Operational exposure to sensitive government communications pathways
Decision: Escalate
Required Controls
  • No approval before designated authority review is complete.
  • Any approval must be conditional on an Australian-controlled update verification path.
  • No live vendor remote administration on production government-connected systems.
  • No deployment into higher-classified environments without re-assessment.
Mandatory Mitigations
  • Contract must include disclosure obligations for ownership and control changes.
  • Require immutable audit logging for all maintenance actions and update events.
  • Implement Australian-controlled staging for all firmware and software updates.
Enforcement Requirements
  • Embed directive conditions into contract schedules with termination rights for breach.
  • Require notice of ownership, board, and jurisdictional control changes within 5 business days.
  • Disable vendor remote administration on live systems.
  • Route all updates through an Australian-controlled staging and verification environment.
  • Retain immutable privileged-access and update-event logs.
  • Restrict deployment to approved environments pending escalation outcome.
  • Prohibit expansion of supplier scope without re-assessment.
  • Restrict case distribution to personnel with operational need to know.
  • Preserve all supplier submissions, technical annexes, and assessment records for audit.
Escalation Authority
Attorney-General's Department
Monitoring
  • Review due: 17 April 2027.
  • Change in beneficial ownership structure
  • New foreign government contract, grant, or cooperation agreement
  • Material architecture or update pipeline change
  • Change in classification or operational use of affected systems
Final Procurement Position
Do not approve under current conditions. Escalate for formal review to Attorney-General's Department before award, deployment, or scope progression.