NSW Government has launched its new shortform ICT contract – the Core& agreement – as part of its program to transform ICT procurement. The aim of that program is to deliver end-to-end commercial lifecycle management that optimises how NSW Government buys and uses technology.
1 What is the Core& agreement?
The Core& agreement will become part of the NSW Government’s Procure IT contracting framework.
All NSW Government agencies are required to use the Procure IT contracting framework when they buy information and communications technology (ICT) related goods and services from a supplier. This is mandated by Procurement Board Direction 2017-02.
Suppliers of ICT to NSW Government are required to be registered on the ICT services prequalification scheme, and part of prequalification to that scheme is agreement to the Procure IT framework.
2 What arrangements does it apply to?
The Core& agreement is intended to replace the existing short form Procure IT contract. The existing short form contract only covered ICT procurement up to value of $150,000 (excluding GST). The new Core& agreement is able to be used for all ICT procurement that is low risk and up to the value of $500,000 (excluding GST).
In calculating whether the value of a procurement is over $500,000, it should be expected that the previous guidance in relation to the old short form Procure IT still applies, so that a single procurement should not be split into multiple orders for purposes of remaining below the threshold.
3 When is a procurement considered low risk?
Whether or not a procurement is low risk is determined by the contracting agency. The DFSI Core& Agreement (Low Risk) – Guidelines emphasise that a comprehensive risk assessment should be conducted by the agency before using the Core& agreement to ensure that the procurement is low risk.
The Guidelines provide some guidance that procurement of the following types of ICT solutions would not be considered low risk:
• critical inputs to other projects which themselves have a higher risk profile
• solutions which could severely or critically affect an agency’s functions or service delivery
• solutions which involve “Personal Information” being stored or transferred offshore, or being accessed remotely from offshore by persons who are not authorised
• solutions which involve the performance of services or access to classified environments which require security or police clearances
• solutions which involve multiple specialists from different vendors, increasing risks around co-ordination and the provision of deliverables within a budget
• solutions which could attract publicity or media attention, increasing the likelihood of additional probity or risk management requirements or political scrutiny.
The Core& agreement was launched on 1 August 2018. We are currently in a transitional period, during which agencies can choose between using the old short form Procure IT contract (for procurements below the $150,000 threshold) or using the new Core& agreement (for low risk procurements below the $500,000 threshold).
The transitional period ends on 31 October. From 1 November the use of the Core& agreement is mandatory for all government agencies for procurements to which it applies. The old short form contract can no longer be used from that time.
Existing contracts continue on their current terms.
5 What does the Core& agreement consist of?
The Core& agreement consists of a set of Core Terms plus Solution Requirements. There are 4 available Solution Requirements:
• Professional services: this is for services that requires a supplier to produce deliverables meeting an agency’s requirements. It is not intended to be used for contracted personnel working under the direction of the agency – those services are procured via another scheme.
• As-a-Service: this will cover, in particular, cloud services which will often be standard, low value and low risk procurements. Particular thought will need to be given, however, to whether any data is stored or hosted offshore as part of the cloud service.
• Software: this covers licensed software that will be hosted by the agency, and includes options for maintenance and support. This would not be appropriate for a systems integration, development or configuration project.
• Hardware: this covers a one off supply of hardware. It does not cover ongoing ordering of hardware, nor does it include an option for hardware leasing.
6 What are the key terms of the Core& agreement?
The Core& agreement provides that:
• Intellectual Property: All IP is retained by the supplier, and licensed to the agency, except in the case of Professional Services where IP will be owned by the agency unless specified otherwise in the Solution Requirements. Ownership of existing materials is unchanged. Any agency data is owned by the agency.
• Privacy and Security: the supplier must comply with relevant laws and industry standards and to notify the agency within 48 hours of any security breach.
• Liability: The supplier’s liability is capped at two times the agreement value, subject to exclusions for personal injury, property damage or breaches of IP, confidentiality or privacy. There is no exclusion of liability for consequential loss.
• Termination: Either party may terminate for breach if the breach is not remedied within 14 days of notice. The agency may terminate for convenience subject to paying for disengagement assistance on a time and materials basis.
7 Can the Core& agreement be amended?
Government agencies are not permitted to vary the standard terms and conditions of the Procure IT framework without the written approval of the Department of Finance, Services and Innovation (DFSI) except in the case of beneficial variations which clearly improve the agency’s contracting position. However DFSI has said that it will approve even non-beneficial variations provided that they are reasonable and necessary to accommodate unique features of a particular procurement.
Examples of beneficial variations are amendments improving or adding to the agency’s legal rights by imposing additional obligations on the supplier. Although beneficial variations do not require DFSI approval, agencies are required to give prior written notification of such variations to DFSI Legal supported by legal advice confirming that the variations are beneficial in nature.