The Victorian Government Solicitor’s Office (VGSO) has flagged it’s looking at the wording of government ICT contracts with a view to better supporting innovative procurement processes and solutions – such as cloud and Agile delivery models.
I have long held the belief that government needs to embrace innovative procurement practices to achieve the desired levels of economic development in Victoria.
It’s innovative procurement practices that will support greater industry involvement. And whether government is buying technology, works or consultancies, it’s industry involvement that will deliver stronger value outcomes for everyone.
Examining the underlying government contract terms is an important step towards supporting innovative procurement models. I was very interested and encouraged to hear that the Victorian Government Solicitor’s Office (VGSO) is starting to think along these lines, judging from a recent presentation to government departments and agencies on opportunities and challenges for government in ICT contracts.
The VGSO highlighted a number of existing standard contract clauses that are not keeping pace with new models of procurement and delivery — specifically cloud and Agile delivery. The VGSO also proposed modifications that support the delivery of a solution rather than a piece of software or a system (for example).
This is such a great step in the right direction that I wanted to share some of the key areas within government contracts that the VGSO identified need to better align with innovative delivery models. If government and industry can develop approaches that address these areas, we will be able to foster stronger partnerships that do deliver innovative outcomes.
Existing government contracts present a challenge with procuring a cloud-based service because they are structured around procuring licenses, implementation, integration and maintenance – not all of which are relevant in the same way for cloud services.
The VGSO has pointed out that contracts need to evolve to a point that they accommodate government buying a service only, and address points that support the delivery, security and privacy of that service, as well as appropriate risk allocation. New contract models should therefore address:
- Availability, scalability and use of services
- Continuity of service and notices on service suspension
- Business continuity/disaster recovery
- Reviews of changes/updates, and
- Transition of services and the provision and format of data being transitioned into the cloud solution.
Data security and privacy issues relating to cloud service delivery have long been discussed in government circles. The VGSO specifically raised the following points that need to be written into contracts to support cloud delivery:
- Compliance with the whole of Victorian Government Information Security framework
- Compliance with Privacy and Data Protection Act 2014 requirements and standards (when issued)
- Compliance with the Victorian government’s Information Privacy Principles (IPPs) including:
- ‘reasonable steps’ to protect personal information held by agencies from misuse and loss and from unauthorised access, modification or disclosure, and
- the ‘transfer’ of personal information outside Victoria if the recipient is subject to law, binding scheme or a contract that are substantially similar to the IPPs
- The need for the government to manage these risks within the contract, not use the contract to shift risks of security/privacy compliance to a supplier
- Removal of data on termination, and
- The need for audit/independent evaluation reports on protection of data.
Appropriate risk allocation in government contracts was discussed in terms of indemnities and liabilities; for example, relating to the loss of data (indirect or consequential loss). A suggested approach from the VGSO was for new contract models to:
- Limit scope of liabilities and consider procedure for claims
- Seek indemnities from suppliers on key risks (IP, confidentiality, security/privacy) that are readily insurable, and
- Negotiate low overall caps, with higher caps on key risks (confidentiality/security privacy) if possible.
I think these initiatives represent a practical approach to contracting for delivery models, in particular linking liability and indemnity to the real risks that need to be managed under a contract.
The Agile project delivery methodology can deliver benefits in shorter delivery timeframes and evolution to meet client priorities. However, it also requires government and industry to take a more mature approach to procurement, by thinking beyond ticking boxes and considering broader factors such as complexity and risk profile. Contracts also need to support the Agile delivery process, a phased pricing model and risk sharing.
As an example, the VGSO noted that some of the terms in the existing eServices Agreement were not appropriate or well aligned to Agile service delivery. These related to:
- The technical specification
- Acceptance criteria and process
- Managing variations, and
- Contract price schedule.
I note that a new contract model also needs to consider better risk allocation, performance management, extension of term, IP and payment mechanisms.
It’s certainly encouraging that the VGSO is thinking about contractual support of cloud and Agile delivery. This will hopefully send signals to government procurement bodies and executives to better embrace these delivery models, where the risk and complexity profile of a procurement is appropriately aligned.
I think it would be beneficial for a similar session, again looking at reviewing the structure of government contracts to better support innovative procurement practices, to be offered to industry. When government and industry start to consider the same procurement and contract issues, reinforcing each other’s positions, we will start to realise real progress.