07 March 2018
7 min read
Published by:
The QITC Framework
In August 2017, the Queensland State Government introduced the new Queensland Information Technology Contracting (QITC) framework for procurement of information and communications technology (ICT) products and services by Queensland Government.
In this QWIK QITC Series, we are providing general information in respect of how the framework operates.
In the previous edition of QWIK QITC Series, we considered the relevant provisions in the QITC contracts relevant to the procurement of Licensed Software, Developed Software, Third Party Software, and related Services.
In this edition of the QWIK QITC Series, we will consider the equivalent provisions when a Government Customer is procuring Products and Services for an As-A-Service.
What Products or Services are included in the As-A-Service provisions?
The As-A-Service provisions in the General Contract (clause 5.6) and the Comprehensive Contract (Module 3 – As-A-Service) contemplate three kinds of As-A-Service:
Key As-A-Service provisions
Government Customers and Suppliers should consider the following key issues, among others, when procuring As-A-Service under the QITC Contracts:
Takeaways
For Government organisations
Where you are procuring the As-A-Service for any critical services, such as emergency services, you should ensure that the Service Levels in the QITC contract reflect the importance of keeping such services accessible and available to the Government and the public, as applicable.
Take advantage of your audit rights in the QITC Contract to monitor the Supplier’s compliance with key requirements for the As-A-Service under the QITC Contract. You should discuss with the Supplier up front about the tools and mechanisms you will require to monitor their performance.
You should require that the Supplier is clear where any Customer Data is hosted on the As-A-Service, and how you can access, update and extract the Customer Data from the As-A-Service. Carefully consider where the Customer Data is stored, particularly if it is outside Australia. Also note guidance in relevant Government policies regarding security and cloud services, including the “ICT-as-a-service offshore data storage and processing policy”, the “ICT-as-a-service security assurance guideline” and the “ICT-as-a-service risk assessment guideline”, and your legislative obligations under the Public Records Act 2002 (Qld).
For suppliers
You should ensure that you specify a liability cap in the Contract Details/Module Order Form to limit your liability, including for loss of Customer Data as contemplated by the Module. Depending on the value of the Customer Data, any loss may result in significant liability risk.
Ensure that your Service Levels are achievable, particularly if you are providing a SaaS or PaaS solution that utilises a third party’s IaaS product. Be clear with the Government Customer where your As-A-Service depends on the availability a third party’s solution, and ensure that any third party provisions regarding suspension or downtime are reflected in the QITC Contract.
Review your security measures and procedures for your As-A-Service to ensure you meet the requirements under the QITC contracts. Be prepared for more stringent requirements where any Customer Data is highly confidential, or critical to Government functions.
In the next edition
In the coming editions of QWIK QITC, we will consider in more detail procurement of other Products and Services under the QITC Framework.
Authors: Trent Taylor & Barton Donaldson
Contacts:
Brisbane
Trent Taylor, Partner
T: +61 7 3135 0668
E: trent.taylor@holdingredlich.com
Paul Venus, Partner
T: +61 7 3135 0613
E: paul.venus@holdingredlich.com
Melbourne
Dan Pearce, Partner
T: +61 3 9321 9840
E: dan.pearce@holdingredlich.com
Sydney
Angela Flannery, Partner
T: +61 2 8083 0448
E: angela.flannery@holdingredlich.com
Disclaimer
The information in this publication is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, we do not guarantee that the information in this publication is accurate at the date it is received or that it will continue to be accurate in the future. We are not responsible for the information of any source to which a link is provided or reference is made and exclude all liability in connection with use of these sources.
Published by: