There are three tiers of rules that guide the procurement decisions of Australian Government officials. The top two tiers are mandatory and apply to all agencies - they are also universal in nature as they apply to all forms of procurement.
These are outlined in the Commonwealth Resource Management Framework and the Commonwealth Procurement Framework. 14 In addition, security requirements are set out in the Protective Security Policy Framework.
Below this, there is a third tier of rules that are created by individual agencies. These rules are agency-specific policies and guidelines that interpret the central rules and provide practical advice to officials on how procurement should be conducted. These rules can apply to ICT procurement specifically or to all forms of procurement.
Outside of specific procurement rules, there is a range of other legislation that guides the actions of government officials. For example, the Public Service Act 1999 and the Crimes Act 1914 require officials to ensure the proper use of resources, act ethically and manage any conflicts of interest.
Key procurement principles: value for money and flexibility
The Commonwealth Procurement Rules, under the Commonwealth Procurement Framework, set out key principles for procurement.
Value for money is a core principle of the Commonwealth Procurement Rules. Achieving value for money requires government officials to consider relevant financial and non-financial costs and benefits such as quality, fitness for purpose, flexibility (including innovation) and whole-of-life costs. Under the rules, officials must also establish risk management processes when conducting a procurement and be satisfied that risks have been properly considered and treated. 16 This includes the security risks detailed in the Protective Security Policy Framework. The Framework provides policy, guidance and advice for governance, personnel, physical and information security (including for ICT systems).
Case Study: Cloud Services Panel and ASD Certification
Secured ICT systems e.g. those used to process or transmit sensitive data must first pass through a security accreditation process. This consists of three phases: audit, certification, and accreditation. Although accreditation for most systems is conducted on an agency-by-agency basis, the Australian Signals Directorate (ASD) must conduct all certifications of cloud products (certified providers are on the ASD website). These certification requirements are specified in the Information Security Manual.
Of the 110 current providers on the whole-of-government Cloud Services Panel (panels are a key government procurement mechanism) only five have certified systems. As non-certified providers can't provide cloud services until certified; this may impact on procurement from these businesses. The limited number of certified cloud providers could also affect take-up of cloud services across government.
Australia is a party to a range of bilateral free trade arrangements. International obligations arising from these agreements are reflected in the current Commonwealth Procurement Rules and must be considered in the development of any new rules.
The Commonwealth Procurement Rules do not formally prevent agencies from buying innovative technologies and services. Innovation can be taken into account under the "flexibility of proposal" criteria (above). In addition, the Commonwealth Procurement Rules also allow agencies to contract with industry following unsolicited proposals, as long as value for money is achieved. While the Commonwealth Procurement Rules are flexible in-principle, in combination with agency-specific rules, security requirements and contract terms, they may constrain innovative ICT technologies entering into government.
The implementation of the Commonwealth Procurement Rules differs across agencies. The devolved nature of the Procurement Framework means that each agency can establish a third tier of rules in response to their particular business needs and risk appetite.
In practice, this means that each agency can create additional agency-specific rules or internal processes. These rules may not be publicly available and create a wide diversity of requirements across Australian Government agencies. The impact of this is that vendors must learn multiple sets of rules if they wish to contract with more than one agency. Navigating these rules can consume additional time and resources without guarantee of return.
Role of ICT panels
Panel arrangements are a key mechanism used by the Australian Government to streamline procurement. In a panel arrangement, an initial approach to market is made and a number of suppliers are selected – after which procurement from selected panel suppliers can be made directly, removing the need to re-approach the market. This can mean a more streamlined and efficient process for procurers. In 2015-16, over 35 per cent of government ICT contracts by number, and almost 30 per cent by value were procured through panel arrangements.
Panels can be established at a whole-of-government level or created by individual agencies. There are currently almost 70 ICT and engineering services panels across government. Agencies that need to purchase certain ICT products such as telecommunications, end-user hardware and data centres 18 must purchase them through seven specific whole-of-government panels. It is estimated that the implementation of mandatory whole-of-government ICT panels has resulted in over $1.2 billion of cost reductions and savings since their introduction in 2008.
Despite the cost savings for government, for industry members getting onto panels can be resource intensive and there is no guarantee of work once a business is on a government panel. Panels may also require certifications or indemnities that some businesses are unable or unwilling to give. In addition, panels are often for fixed terms, which can make it difficult for new businesses to get onto existing panels. As such, panel processes and conditions create barriers to working with government.
The Department of Finance provides model contracts to simplify ICT procurement through the SourceIT contract suite. Model contracts exist for simple ICT procurement (e.g. hardware acquisition) and semi-complex ICT services (e.g. systems integration). In addition, there is ongoing work to simplify government ICT procurement. For example, the Digital Marketplace aims to make it much easier for businesses to connect, transact and collaborate with government buyers. Currently, all sellers listed on the Digital Marketplace are members of the Australian Government’s Digital Service Professionals Panel. In addition to Australian Government buyers, the Marketplace is open to local, state and territory government buyers. 20
The Department of Finance is also developing standardised templates for new panel arrangements. These templates are designed to be used for all government procurement and include the option to create a refreshable panel where new businesses can be added during the life of the panel. The whole-of-government Cloud Services Panel arrangement is an example of this new approach.
- 6. Are the Australian Government's procurement rules easily accessible, easy to understand and navigate?
- 7. How could the Australian Government's procurement rules and processes be improved to make it easier to offer innovative solutions to government?
- 8. What rules, including any security requirements, limit the Australian Government's use of cloud services?