Search

Learnings Australia can take from other jurisdictions

Importance of central coordination

4.29 It is beneficial to have a central authority, such as the DTA, stewarding and fostering effective relationships with the major technology sellers – supported by a clear mandate, legislative frameworks and financial control.

4.30 Shared Services Canada (SSC) and New Zealand’s Government Chief Digital Officer (GCDO) demonstrate that centralised leadership ensures the coordination and governance required to streamline procurement and enhance service delivery. Such structures empower agencies to implement cohesive and standardised approaches across technology initiatives.

4.31 Central control maximises negotiating power, enabling governments to secure more favourable terms. By consolidating purchasing power, central authorities can leverage scale to secure improved pricing and deliver value-for-money outcomes for agencies, an approach that particularly benefits those with smaller resource profiles.

4.32 Further, the New Zealand GCDO is considering the implementation of a budget prioritisation mechanism for digital investments, similar to the model the DTA has with the Investment Oversight Framework and the Digital Investment Plans.

4.33 The SSC’s Centre of Expertise in Agile and Innovative Procurement was also established in 2019. It focuses on supporting government procurement teams and removing barriers to entry for smaller business with respect to complex government tender processes.

4.34 At approximately the same time, in Australia in March 2019, Finance established the Commonwealth’s Centre of Procurement Excellence (CoPE). CoPE provides advice, training and support the broad procurement capability uplift across the Commonwealth, however, it does not specialise in technology. It is important to note there are substantial complexities in the procurement of technology platforms, with specialist knowledge of the technological solutions often required to support procurement activities. Further, through engagement activities, this review is aware of several specialist technology procurement functions which exist in pockets throughout the Commonwealth (e.g. PM&C, DEWR, Defence), and that could be complemented by a model similar to that of Canada. In other words, Australia could benefit from having a DTA-led technology procurement specialist capability.

4.35 Further to the above, when comparing to arrangements the SSA sellers have with other government agencies globally, the value of central coordination by the DTA was also echoed by several of the SSA sellers.

Enable tailoring and flexibility

4.36 Other nations and Australian States and Territories interviewed all shared similar views about the importance of ensuring whole of government arrangements remain fit-for-purpose by tailoring and driving flexibility to address diverse agency needs and risk profiles, and adapt to technological changes over time.

4.37 Canada’s experience in respect of managing the diverse risks and priorities which differ significantly between agencies highlights the importance of enabling flexibility and tailoring. Shared Services Canada needs to accommodate variations across 213 agencies, from Mountain Rangers in remote regions to administrative specialists in urban locations, to ensure the effectiveness of their centralised agreements. This diverseness can be likened to Australia’s, with technology needing to be able to cater for Australians and the Australian Government across an equally diverse range.

4.38 Flexibility within centralised arrangements also ensures that whole of government arrangements can adapt to changing operational demands and technological advancements. By integrating mechanisms that reflect the unique challenges and objectives of individual agencies, governments can foster resilience and alignment ensuring continued relevance and efficiency in service delivery.

Consolidated reporting means better decision-making

4.39 Accurate and centralised data collection is fundamental to making informed decisions about technology contracts and investments. Improved transparency through robust reporting processes helps governments identify trends, optimise investments and strengthen negotiations.

4.40 One of the challenges facing the USA is the absence of meaningful aggregated data on technology spending. Current reporting mechanisms rely on self-reported information from personnel who may lack the requisite expertise, limiting the reliability and comprehensiveness of the data collected. To address this, in January 2024 the US Government Accountability Office called for a series of improvements in technology reporting, releasing a report with two primary recommendations across major US agencies, including:

Track software licenses that are currently in use for its widely used licenses.
Compare the inventories of software licenses that are currently in use with information on purchased licenses to identify opportunities to reduce costs and better inform investment decision-making for its widely used licenses on a regular basis.

4.41 Action on these recommendations was subsequently implemented.

4.42 Whilst progress on reporting transparency in the USA has been limited, nations like Canada and New Zealand demonstrate the benefits of improved data collection and transparency in enabling informed decision-making and strategic planning across government ICT portfolios. Canada, for example, has achieved notable cost visibility through detailed comparative analyses, metrics and explicit unit cost reductions for services such as connectivity. Challenges were noted by New Zealand in respect of opaque investment visibility, which is partly underpinned by insufficient or inconsistent reporting mechanisms, hampering decision-making around technology investment.

4.43 Whilst there is an administrative overhead introduced through any new reporting requirement, the lesson Australia can draw from other nations is the significant value that can be achieved from better informed decision-making as related to ICT investment and buy.

Balancing dependency and stability with competition and monopoly risks

4.44 There is an ongoing tension between:

Driving consistency and stability.
Making technology choices which create dependencies.
Preserving competitive procurement processes to drive value for money.

4.45 There is no one permanent solution, and all jurisdictions reported needing to constantly consider this balance.

4.46 Maintaining competitive tension wherever practicable is essential to managing the risks of monopolistic supplier arrangements. This is a principle enshrined within the CPRs and is observed throughout procurement activities within the Australian Government.

4.47 Canada and New Zealand’s efforts to avoid over-reliance on single sellers demonstrates the importance of preserving bargaining power and fostering value-for-money outcomes. An example comes from the Enterprise Resource Planning (ERP) capability where both nations have sought to engage a diverse range of ERP providers, for example SAP, Workday and TechnologyOne.

4.48 Where other nations find themselves in a position of dependency or with high switching costs, contracts can be moved to negotiating a rolling contractual window basis (e.g. 5 years), negotiating one out-year at a time. Although 5 years is not a significant window to replace entrenched, critical technology, this allows a sufficient approach for the nation to plan and execute a transition from existing technology, if required.

Large technology sellers benefit from fragmentation

4.49 Other nations noted anecdotally that large technology sellers frequently exploit fragmented procurement landscapes, leveraging the lack of transparency and unified agreements to maintain advantageous commercial positions. As such, fragmented procurement and contracting can increase monopolistic risk.

4.50 Further, other nations noted that the large technology sellers often show little interest in promoting change or enhancing transparency, as the status quo enables them to maximise their influence and profitability.

4.51 To counteract this dynamic, governments must coordinate efforts to negotiate more equitable arrangements. Establishing unified contracts and increasing transparency diminishes fragmentation while fostering a more competitive and fair procurement environment that benefits all stakeholders.

Access to information is critical

4.52 Whole of government arrangements were commonly cited by other nations as large and complex. As a consequence, it is difficult for the users of these arrangements to stay informed, and to know how to extract full value. This was echoed by the State and Territory users of the SSAs.

4.53 A key mechanism utilised by Canada was the establishment of an online IT Service Catalogue for government agencies to obtain information about, and to order, enterprise services (e.g. email, mobile technology, workplace technology devices). The introduction of this catalogue supported Canadian agencies to better deliver programs and services by making the information about the arrangements more readily available.

4.54 While the Australian Government already has in place BuyICT, the value of this as a mechanism to enable ease of information access was echoed by New Zealand. What is evident in comparing digital.govt.nz and BuyICT.gov.au, the information commonly included is:

Arrangements need to be listed on the public access site, including how to access this and validity periods. This information is available on BuyICT.
Specific information on the products and services available under each arrangement is included for ease of reference. More specificity could be included on BuyICT in this regard to enable potential buyers to understand more about what the SSAs cover.
The extent to which agreements can be customised or be flexible is summarised at a high level. This information is not available on BuyICT.

4.55 Further, to the extent possible, the preference is for information to not be protected behind a credential wall (i.e. requiring a log in) to make access as simple as possible. A key exception to this is any commercial in-confidence materials (e.g. discount pricing offered by a seller).

When to apply
Apply Criterion 4 throughout Beta(Opens in a new tab/window) to ensure smooth integration with other government services and systems.
Adhere to this criterion across the Service Design and Delivery Process(Opens in a new tab/window) whenever new functionality, integrations or upgrades are introduced.
How to apply
Questions for consideration
- how will this service integrate with existing systems and data?
- what standardised protocols will be used to exchange data?
- how will we test for smooth interoperability with other platforms?
- how will the service accommodate future growth and change?
- what information does government already hold that the service could reuse?
- which mechanisms will allow users to opt in or out of data sharing?

Chapter 5: Optimising the single seller arrangements SSAs for the future

How to get the most from these arrangements moving forward.

Chapter overview

While the review considers SSAs remain fit-for-purpose for supporting the Australian Government’s digital transformation agenda, the review identified numerous ways to extract further value by strengthening their design, management and impact.

In terms of engaging with the market, there is opportunity to:

Better leverage existing whole of Australian Government planning processes, such as the Australian Government digital investment planning process, to inform emerging large-scale technology and sourcing requirements.
Publish a framework articulating the SSA model, its life cycle and expectations, to drive transparency of who the Australian Government want SSAs with.

In terms of maximising negotiation outcomes:

Simplify head agreements, to be achieved in part by consistently adopting the Australian Government's terms and conditions as the basis for negotiation, rather than as is currently the case, sometimes adopting the seller’s terms as that basis. This in turn, makes it easier for both the buyers and sellers, as contracts are entered with many agencies across the Australian Government.
In order to deliver the value that buyers want, ensure SSAs continue to deliver great discounts, terms and conditions that align to policy, and meet the buyers' requirements. Failure to do so will undermine the usage of the SSAs.
To optimise outcomes for the Australian Government, prioritise flexibility across products and services, keeping the arrangements simple and agreeing an exit plan to enable buyers' freedom of technology choice into the future.
Further strengthen the DTA’s centralised negotiation capability by incorporating the well-established technology procurement capability of the biggest buying agencies; this is also seen an opportunity to further help align deals with needs.

Other observations include the need to: set clearer expectations for what constitutes a strategic partnership with the Australian Government to further enhance the national digital agenda; uplift information, education and reporting; and review existing SSAs to ensure they remain fit-for-purpose and strategically aligned.

Chapter 5

Getting the most out of the market

5.1 The Australian Government has an opportunity to generate further value from whole of Australian Government arrangements like single seller arrangements (SSAs), by investing in their future.

5.2 Australian Government agencies are reliant on these technologies and will typically engage these sellers regardless of whether SSAs exist. As such, consolidating these needs and arrangements under a single head agreement makes sense, particularly when complemented by a clear framework for selection, management and removal of sellers.

5.3 In the same spirit, while there is broad support to retain SSAs in some form due to the proven benefits to the Australian Government, the review identified numerous ways in which further value can be extracted. For example, implementation of CAIP Plans and raising expectations through the establishment of an SSA seller led Technology Collaboration Centre as outlined in the Enhancing growth of the Australian technology sector section of this report.

5.4 The other most commonly supported strategic opportunities with regards to the market are discussed below.

Integrated strategic planning

5.5 While some technology and digital long-term planning processes are in place across the Australian Government (for example, the Data and Digital Government Strategy), better leverage of these for whole of Australian Government strategic sourcing purposes will be useful. Meaningfully understanding the technology choices being made by agencies in their strategic plans is a valuable input to determining what emerging needs are, relevant to SSAs.

5.6 The transition from on-premise technology to cloud services over the past decades has introduced major changes to the technology landscape within the Australian Government, including a pronounced disconnect in digital planning across agencies, making identification and establishment of new SSAs challenging. Traditionally, long-term technology financial planning was embedded within 10-year Capital Management Plans, encompassing extensive planned outlays for upcoming technological investments. However, the transition to cloud services, coupled with the shift from capital expenditure (CAPEX) to operational expenditure (OPEX), has undermined the completeness of these plans. The inherently short-term nature of OPEX spending complicates the projection of long-term financial needs, thereby degrading the strategic foresight embedded within the Capital Management Plans.

5.7 A range of existing information sources is available to the Digital Transformation Agency (DTA) to inform the strategic sourcing priorities relevant to the SSAs, as illustrated in the figure below.

The figure shows the Indicative Principles. Refer to the accordion for Figure 17 for a long description. — Figure 17 Strategic sourcing information model

5.20 The IOF typically requires the submission of two key artefacts as part of the two-pass business case process:

Solution designs which provide the architectural plans relevant to the business case, and commonly identify the capabilities and technologies required.
Procurement Plans which can provide specific insight into the intentions of agencies and often reflect the outcomes of an initial approach to market (e.g. Request for Information).

5.21 Where sellers or technology choices are specifically identified within the business case, these can be consolidated into the technology architectural landscape for the Australian Government, noting the review acknowledges there are Government security provisions which apply to New Policy Proposals.

5.22 In respect of the SSAs, it is noted that the IOF is primarily focused on New Policy Proposals. While this framework provides robust oversight for investments in technology over $10m, including the sustainment of the solutions typically over the forward estimates (a five-year window), it commonly excludes consideration of expenditure that is essential for maintaining and upgrading existing digital capabilities, or any agency internally funded technology projects.

Digital Investment Plans (DIPs)

5.23 The establishment of this planning represents a key data and information gathering opportunity, to identify emerging large-scale product and service requirements, which in turn may support SSA opportunity identification. The Digital Investment Plans can capture:

Both Capital (CAPEX) and Operational (OPEX) spending plans.
Inputs from the Investment Oversight Framework, especially in relation to Procurement Plans outlining proposed technology choices.
Operational enhancements or upgrades, where they meet relevant thresholds.
The planned technology architecture landscape within agencies, aligned to the Australian Government Architecture wherever relevant.

5.24 As relevant, this can be supplemented by engagement activities to understand technology roadmaps or strategies as relevant to the SSAs.

Seller technology plans

5.25 Sellers commonly make available their technology plans, including upgrade plans and end of life intentions. These are critical inputs to the long-term planned use of technologies, in particular cloud services.

5.26 The DTA could overlay the actual usage, IOF and DIPs with these seller plans as part of determining key areas of focus for negotiations and determining emerging whole of Australian Government technology risks which could be addressed through the SSA.

Contracting model

5.27 In considering whether the SSAs be retained, the review came from a first principles perspective, weighing the relative strengths and weaknesses available as contracting models.

5.28 A range of models are available to the Australian Government when contracting with technology sellers, which include:

Strengthened SSA contracting framework (proposed model): the updated SSA model with proposed recommendations from this report implemented.
Limited tender SSA model (current model): the existing Limited Tender model with no changes made (i.e. recommendations from this report are not implemented).
Panel model: the DTA run an Open Tender to establish a panel (similar to those already on BuyICT), or subsume the SSA sellers into existing panels.
Individual agency contracts: encompassing any contractual mechanism whereby the relevant agency contracts directly with the seller.
Model contracts: example contract clauses are designed (similar to the Commonwealth Contracting Suite) and agencies leverage these as part of contracting activities.

5.29 The strengths and weaknesses impacting each of these models is outlined in the table below.

Table 11 Relative strengths or weaknesses impacting alternative models (with X marks where they impact)
Strength / Weakness	Description	SSA Contracting Framework (including proposed changes)	Limited Tender SSA model (current model)	Panel model	Individual agency contracts	Model contracts
Strengths	Maximised leverage for negotiation, especially for mid-size / small agencies	X	X	Larger agencies may be able to compel similar commercial offers	Larger agencies may be able to compel similar commercial offers	Larger agencies may be able to compel similar commercial offers
	Consistent terms and conditions	X	X	X	Nil	X
	Improved contracting efficiency (relative to individual agency contracting)	X Also, reflective of anticipated buy profile	X Also, reflective of anticipated buy profile	X	Nil	Nil
	Maximises competitive tension	Expansion of SSAs will encourage greater competition amongst those holding SSAs	Nil	X	X	X
	Leverage of specialist technology procurement expertise in DTA	X	X	X	Nil	Nil
	Improved transparency through AusTender reporting	X	Nil	X	X	X
	Centralised management	X	X	X	Nil	Nil
	Highly tailored to agency requirements	Nil	Nil	Nil	X	X
Weaknesses	Not specifically tailored to agency requirements, necessitating further detail be included within work orders (contracts)	X	X	X	Nil	Nil
	AusTender reporting complexity, limiting transparency	Nil	X	Nil	Nil	Nil
	Limited specialist technology procurement expertise outside of very large agencies	Nil	Nil	X	X	X
	The terms and conditions within panels don’t align to those within the SSA	X	X	Nil	Nil	Nil
	Inconsistency in pricing, and terms and conditions across agencies	Nil	Nil	X	X	X
	Limited realisation of contracting efficiencies	Nil	Nil	X	X	X

5.30 Further to the above, and as already noted within this report, the SSAs are complex. Given that both the SSA seller and the Australian Government have to be satisfied with the contract negotiation outcome, there will always be an element of difference between each of the SSAs respectively and any panels in place, reflective of the outcome of the negotiations.

5.31 While the precise structure and format of the head agreement and contracts are to be developed and implemented by the respective legal teams of the DTA and SSA sellers, the following observations were made.

The figure shows the contractual observation themes. Refer to the accordion for Figure 18 for a long description. — Figure 18 Contractual observation themes

This guidance on Delivery Confidence Assessment (DCA) ratings also references relevant DTA whole-of-government policies throughout to inform assurance providers and other stakeholders of the policies that may be applicable to the investment under review.

The policies considered within this guidance are a selection of DTA-owned policies relevant to the identified focus areas and inputs to a DCA.

The policies referenced are not meant to be an all-encompassing list of digital policies, but rather a select reference of applicable DTA-owned policies for digital and ICT investments.

More information on other digital policies and standards, can be found on Australian Government Architecture.

Relevant policies

Transformation vision

Purpose, business case and benefits.

Off

Your responsibilities

To successfully meet this criterion, you need to:

design for interoperability
join up services.

Governance and leadership

Executive support and governance effectiveness.

Off

Capability and engagement

Resource Management and capability. Stakeholder engagement.

Off

Delivery management

Schedule. Cost and finance. Scope and change control. Risk management. Commercial management.

Off

Solution

Technology. Solution context. Deployment and sustainability.

Off

Purpose, business case and benefits.
Executive support and governance effectiveness.
Resource Management and capability. Stakeholder engagement.
Schedule. Cost and finance. Scope and change control. Risk management. Commercial management.
Technology. Solution context. Deployment and sustainability.

The topics and deliverables required to make an assessment can vary. It is recommended that assessors observe the project in action by attending stand-up meetings or board meetings and review live project documentation.

For example, an assessor of an agile project may find it appropriate to assess a project through reference to observing agile artefacts and ceremonies rather than only consuming more traditional project documentation.

The list of example documents that could be assessed during an assurance review to determine the delivery confidence of an investment include:

business case – original and most recently approved version
program/project overview including objectives, key policy assumptions, background material
benefits management strategy
assurance report that informed the DCA
program/project budget documentation
program/project timeline, showing critical path, dependencies and key milestones
risk matrix and risk management approach
resource plans
implementation plans
stakeholder impact assessment and communication plan
list of other entities involved in the program/project
governance model including papers and minutes from any steering or program / project management committees, terms of reference and documented roles and responsibilities
issues log
change control register
evidence of feedback loops, contract and interdependency management
organisation chart for relevant areas of the entity.

What are the focus areas and inputs to a Delivery Confidence Assessment (DCA)?

These include:

purpose, business case and benefits
governance and leadership
capability and engagement
Delivery management:
- schedule
- cost and finance
- scope and change control
- risk management
- commercial management
- change management.
Solution:
- technology
- solution context
- deployment and sustainability.

Assurance activities are typically a summative assessment at a point in time in a project lifecycle. A DCA is a predictive assessment based on the current state and trajectory of the project.

The topics and deliverables required to make an assessment can vary.

It is recommended that assessors observe the project in action by attending stand-up meetings or board meetings and review live project documentation. For example, an assessor of an agile project may find it appropriate to assess a project through reference to observing agile artefacts and ceremonies rather than only consuming more traditional project documentation.

The list of example documents that could be assessed during an assurance review to determine the delivery confidence of an investment include:

Business case: original and most recently approved version.
Program/project overview including objectives, key policy assumptions, background material.
Benefits management strategy.
Assurance report that informed the DCA.
Program/project budget documentation.
Program/project timeline, showing critical path, dependencies and key milestones.
Risk matrix and risk management approach.
Resource plans.
Implementation plans.
Stakeholder impact assessment and communication plan.
List of other entities involved in the program/project.
Governance model including papers and minutes from any steering or program/project management committees, Terms of Reference and documented roles and responsibilities.
Issues log.
Change control register.
Evidence of feedback loops, contract and interdependency management.
Organisation chart for relevant areas of the entity.

This guidance document provides more detail on the focus areas in the following pages.

Transformation vision

Design for interoperability

Share data: Always begin by reviewing your obligations against privacy policies and the Privacy Act (1988). If external data can be used, make your service interoperable and leverage governments’ open datasets. Support safe, ethical data sharing practices by using the government’s DATA Scheme(Opens in a new tab/window).

Request information once: Assess the data your agency already collects and whether it can be reused to deliver your service. Where it can be reused, eliminate unnecessary data entry requests and fulfil a ‘tell us once’ approach.

Publish open APIs: Thoroughly document your service’s APIs. Where appropriate, open them for other services and third-parties to build upon existing government offerings. Align with the API Design Standard(Opens in a new tab/window) to support cross-jurisdictional data sharing, maintain a consistent, reusable vocabulary and support wider API literacy.

Plan for scale and flexibility: Ensure your service can cater for growth and changing preferences without impacting performance, functionality or stability. Embed adaptability into your design patterns from the outset to allow malleability as future changes may require.

Utilise a Digital ID: Where appropriate, endeavour to integrate the Australia Government Digital ID System, accredited by the Trusted Digital Identity Framework (TDIF)(Opens in a new tab/window), to allow users to access your service with a single set of credentials.

Off

Case study: The case for SSAs in the cyber security ecosystem

Identifying one or more sellers in the cyber security sector that meet at least some of the indicative criteria is premature for the following key reasons:

Limited viable alternatives: LOW

The cyber security ecosystem is broad and includes a wide range of products, solutions and services (herein referred to as ‘capabilities’) designed to protect data, networks, systems, and users from cyber threats. Across the ecosystem, a consistent definition of cyber ‘capability’ is somewhat vague, and not necessarily agreed.
The capabilities typically fall into several major categories based on what they protect and how. There is a range of established and emerging Australian and international sellers that enables a competitive market for the capabilities with several viable alternatives across each category.
The cyber security market continues to mature and evolve in response to emerging cyber security threats, and as a result, innovative solutions which can involve multiple sellers and/or capabilities continue to emerge.

Usage and criticality: MODERATE

Usage of cyber capabilities across government is unintentionally obfuscated by delivery models and on selling structures, making the utilisation of technology from a contract expenditure and reporting perspective difficult to definitively identify.
Stakeholders interviewed provided anecdotal views that products and solutions in the Security Incident and Event Management and Distributed Denial of Service solutions could potentially meet the usage and criticality threshold.

Compliance and behaviour: CANNOT BE ASSESSED

An assessment of seller compliance and behaviour would be required at a point in time where identified sellers were being considered for an SSA.

Offer on the table: CANNOT BE ASSESSED

An assessment of the offer on the table would be required at a point in time where identified sellers were being considered for an SSA.

Strategic alignment: MODERATE to HIGH

Many cyber security capabilities align to or can support government policies and strategies, including the List of Critical Technologies in the National Interest (that identifies protective cyber security technology) and requirements under the PSPF. Due to the range of capabilities in the market, further analysis is required to map the types of capabilities to critical requirements.

For context to this case study, the below provides a non-exhaustive overview of categories that demonstrate how vast the cyber security ecosystem is, noting that each category can be further broken down to specific sub-categories. Note, entities may provide or resell specific hardware or software, services and solutions, or a combination of these:

Network Security
Application Security
Endpoint Security
Cloud Security
Identity and Access Management
Security Information and Event Management, Security Orchestration, Automation, and Response, Security Operation Centre
Threat Intelligence and Monitoring
Vulnerability Scanning and Management
Data Loss Prevention
Encryption
Backup and Recovery
Governance, Risk, and Compliance.

Expanding on this, for example, the network security category can be further broken down to:

Firewalls
Network Detection and Response / Intrusion Detection Systems / Intrusion Prevention Systems
Network Access Control
Secure Gateway.