Assurance activities

Next page: Transformation vision

Design for interoperability

 

Share data: Always begin by reviewing your obligations against privacy policies and the Privacy Act (1988). If external data can be used, make your service interoperable and leverage governments’ open datasets. Support safe, ethical data sharing practices by using the government’s DATA Scheme(Opens in a new tab/window)

Request information once: Assess the data your agency already collects and whether it can be reused to deliver your service. Where it can be reused, eliminate unnecessary data entry requests and fulfil a ‘tell us once’ approach.

Publish open APIs: Thoroughly document your service’s APIs. Where appropriate, open them for other services and third-parties to build upon existing government offerings. Align with the API Design Standard(Opens in a new tab/window) to support cross-jurisdictional data sharing, maintain a consistent, reusable vocabulary and support wider API literacy.

Plan for scale and flexibility: Ensure your service can cater for growth and changing preferences without impacting performance, functionality or stability. Embed adaptability into your design patterns from the outset to allow malleability as future changes may require.

Utilise a Digital ID: Where appropriate, endeavour to integrate the Australia Government Digital ID System, accredited by the Trusted Digital Identity Framework (TDIF)(Opens in a new tab/window), to allow users to access your service with a single set of credentials.

Off

Case study: The case for SSAs in the cyber security ecosystem

Identifying one or more sellers in the cyber security sector that meet at least some of the indicative criteria is premature for the following key reasons:

Limited viable alternatives: LOW

  • The cyber security ecosystem is broad and includes a wide range of products, solutions and services (herein referred to as ‘capabilities’) designed to protect data, networks, systems, and users from cyber threats. Across the ecosystem, a consistent definition of cyber ‘capability’ is somewhat vague, and not necessarily agreed.
  • The capabilities typically fall into several major categories based on what they protect and how. There is a range of established and emerging Australian and international sellers that enables a competitive market for the capabilities with several viable alternatives across each category.
  • The cyber security market continues to mature and evolve in response to emerging cyber security threats, and as a result, innovative solutions which can involve multiple sellers and/or capabilities continue to emerge.

Usage and criticality: MODERATE

  • Usage of cyber capabilities across government is unintentionally obfuscated by delivery models and on selling structures, making the utilisation of technology from a contract expenditure and reporting perspective difficult to definitively identify.
  • Stakeholders interviewed provided anecdotal views that products and solutions in the Security Incident and Event Management and Distributed Denial of Service solutions could potentially meet the usage and criticality threshold.

Compliance and behaviour: CANNOT BE ASSESSED

  • An assessment of seller compliance and behaviour would be required at a point in time where identified sellers were being considered for an SSA.

Offer on the table: CANNOT BE ASSESSED

  • An assessment of the offer on the table would be required at a point in time where identified sellers were being considered for an SSA.

Strategic alignment: MODERATE to HIGH

  • Many cyber security capabilities align to or can support government policies and strategies, including the List of Critical Technologies in the National Interest (that identifies protective cyber security technology) and requirements under the PSPF. Due to the range of capabilities in the market, further analysis is required to map the types of capabilities to critical requirements.

For context to this case study, the below provides a non-exhaustive overview of categories that demonstrate how vast the cyber security ecosystem is, noting that each category can be further broken down to specific sub-categories. Note, entities may provide or resell specific hardware or software, services and solutions, or a combination of these:

  • Network Security
  • Application Security
  • Endpoint Security
  • Cloud Security
  • Identity and Access Management
  • Security Information and Event Management, Security Orchestration, Automation, and Response, Security Operation Centre
  • Threat Intelligence and Monitoring
  • Vulnerability Scanning and Management
  • Data Loss Prevention
  • Encryption
  • Backup and Recovery
  • Governance, Risk, and Compliance.

Expanding on this, for example, the network security category can be further broken down to:

  • Firewalls
  • Network Detection and Response / Intrusion Detection Systems / Intrusion Prevention Systems
  • Network Access Control
  • Secure Gateway.

5.67 There is no singular seller in the cyber security market which will sufficiently meet the proposed principles of an SSA framework. The case study identifies that ongoing work is required to monitor the market to identify any emerging need to establish SSAs in the cyber security sector. An assessment of product, solution and service usage and criticality in the government context is key to understanding this.

5.68 Complemented by engagement with ASD, the review identified, however, there is potential value in establishing capability specific cyber security panels (like that of other panels on BuyICT). 

Amend the rules

5.69 The Commonwealth utilises three key tiers of rules:

  • Legislation: provides the legal foundation that mandates obligations, offering enforceable protections that govern contractual relationships and set the minimum bar at which sellers must adhere to in order to operate within the country. Further, the Commonwealth’s ability to set legislation effectively leverages the buying power of the entire nation. Exceptions to these rules are not possible, unless specifically provided for within the legislation. Examples of this include the Public Governance, Performance and Accountability Act 2013 and the Privacy Act 1988.
  • Policy: in contract negotiations, serves to project a specific position to sellers, communicating the clear expectations and outlining strategic priorities. Typically, exception to these policies is possible, however, this sometimes requires senior government approval. Examples of this include the CPRs and the PSPF.
  • Guidelines: this includes non-mandatory requirements, such as better practices, to set expectations. 

5.70 The key opportunities to amend the rules that were identified within this report are:

  • Defining sovereignty and how it relates to the Australian Government’s technology sector, and determining the most appropriate mechanism to enforce this sovereignty. Refer to Cyber and security section of this report.
  • Amending the CPRs to incorporate the SSAs as a recognised contracting framework. Refer to the Procurement and contracts section of this report.
  • Reviewing the existing Contract Limits and Review Policy. Refer to the Procurement and contracts section of this report.

Getting the most out of the negotiation

Commercial realities of negotiation

5.71 For context, there are a range of commercial realities the Digital Transformation Agency (DTA), buyers and sellers face when negotiating these arrangements. The below outlines a few of these from each of their perspectives, however, this is not an exhaustive list:

  • The technology is critical to deliver to Australians: Although all technologies are not created equal, some of the technology provided by the single seller arrangement (SSA) sellers is crucial for enabling services, infrastructure, and innovation that directly impact Australian individuals and businesses now and into the future.
  • Both need each other: Large technology sellers and their buyers rely on each other to achieve mutual goals, whether delivering innovative solutions or maintaining a sustainable partnership.
  • Both sides want the best for themselves: Although both buyers and sellers want win-win outcomes, they also engage in negotiations seeking to optimise their own benefits, whether financial, operational, or strategic.
  • Australian Government is a valuable customer to the sellers: The Australian Government is highly regarded by technology sellers as a significant buyer, given its strategic importance and purchasing power.
  • Negotiations are hard fought: Contract discussions with major technology sellers are often intense, as both parties aim to secure favourable outcomes for their respective interests.
  • The SSA sellers are well experienced in negotiating with buyers globally: These multinational technology companies bring extensive experience gained from managing contracts with a diverse range of customers worldwide, necessitating the Australian Government to ensure it has commensurate expertise within its negotiation teams.
  • Contracts and associated terms and conditions are complex: Agreements with large technology sellers involve intricate terms and conditions that must address varying legal, regulatory, operational and management requirements across different jurisdictions.
  • High switching costs: Opting to change / switch technology typically involves substantial costs (e.g. discovery and design, build / configuration of solutions, reintegration to existing systems, testing, deployment and managing the impact of the change) representing a fiscal barrier to changing technologies.
  • Sales cycles in technology sellers tend to drive particular behaviours: Sellers typically focus their resources on securing sales, with service delivery and long-term support often managed separately post-contract.

5.72 In approaching the negotiations, it is acknowledged that the Australian Government SSA negotiators are cognisant of these realities. Within this context, what the DTA prioritises in the negotiations becomes critically important.

What should be prioritised

5.73 A range of key themes emerged, throughout the review, regarding the priorities in negotiating an SSA. These themes were:

Figure 21 Themes which emerged to prioritise as part of negotiations

Fostering strategic partnerships

Consider the full holistic value proposition

Being realistic about future needs of buyers

Keeping arrangements simple

Ensuring flexibility

Building in an exit plan

Getting the most out of the single seller arrangements (SSAs) once established

Nurturing the strategic partnership

5.142 A successful strategic partnership requires mutual commitment and proactive engagement from both the seller and the buyer. While the SSAs must demonstrate ongoing alignment with the elements outlined within the Fostering strategic partnerships section of this report, buyers also play a critical role in fostering collaboration. This includes maintaining open and transparent communication, ensuring timely decision-making, and actively participating in shared initiatives such as innovation forums and continuous improvement programs. 

5.143 Buyers must also honour their commitments, engage constructively in contract management, and adapt procurement strategies to evolving needs, reinforcing trust and long-term alignment. By demonstrating reciprocity in the partnership, buyers not only secure optimal outcomes but also encourage sellers to invest in sustained value creation beyond the initial contractual terms.

Ensuring access to knowledge, information and education

5.144 Effective utilisation of contractual arrangements depends on ensuring stakeholders have access to clear, relevant, and practical information.

5.145 The key mechanisms identified as available to the Digital Transformation Agency (DTA) to enable this to occur were:

  • DTA information sessions: introductory sessions to educate procurement and contract management teams across the Australian Government on what is contained within the SSAs. (The DTA already run these sessions which were noted by those that attended them to have been well run and informative Further, DTA’s recording of these sessions reflects better practice to enable those who were unable to attend the sessions to view later).
  • Communities of practice: facilitated by the DTA and significant users of the SSAs, established to share learning and better practices across the Australian Government.
  • Information on BuyICT: publishing information for self-serve, on-demand access.
  • SSA Handbook: provides a plain English overview of the specific components within a specific SSA, summarising key information for ease of reference by users.
  • Direct point of contact: enabling stakeholders to contact the DTA to ask further questions.
  • Procurement Bulletins: a procurement focused publication issued monthly by Finance.
  • Procurement Centre of Excellence: inclusion of topics of interest for showcasing.
  • Participation in governance forums: the DTA has established governance forums for some SSAs, which provide a regular cadence of meetings with the sellers, the DTA and select agencies to share challenges, performance issues and maximise the use of the SSA.

5.146 The information required by buyers and how this is accessed in respect of the SSAs is outlined in the table below:

Table 14 Information buyers require and where it is typically found (with X marks where they impact)

Information required

Seller website

BuyICT website

BuyICT following log in

By request of DTA

General information on the products and services

X

Nil

Nil

Nil

Products and services covered by the SSA

Nil

X

X

Nil

Standard templates

Nil

Nil

X

Nil

DTA marketplaces and panels the seller is on

Nil

X

Nil

Nil

Advantages under the contract

Nil

X

Nil

Nil

Price / rate card / discounts

Nil

Nil

X

As agreed with seller

X

Copy of the contract and terms & conditions

Nil

X

As redacted

Nil

X

5.147 The DTA can also play a key role in fostering a probity-safe environment where Commonwealth agencies can engage directly with SSA technical representatives to explore opportunities and challenges. By facilitating structured discussions, the DTA can ensure buyers can collaborate effectively while maintaining transparency and compliance. These interactions allow buyers to better understand seller offerings, get visibility of how other buyers are addressing any common issues, and understand the potential applicability to their specific problems. 

5.148 Further to the Increased administrative burden section within this report, the review heard buyers can find it challenging to know what their obligations are in respect of entering into contracts under the SSA head agreement or specific clauses therein. Greater transparency about the relevant roles and responsibilities in this regard will support the realisation of value from the SSAs.

5.149 These forums could also address challenges identified by survey respondents who stated that there is a need for:

  • Increased understanding of the rationale behind decisions relating to the SSAs.
  • Enhanced communication and clarity to improve understanding of decision making in the negotiation process.
  • Improved pricing transparency through broader sharing of pricing information and ongoing support costs.

5.150 The DTA should drive better realisation of the value of the SSAs through uplifting buyer understanding about the SSAs, by: 

  • Making responsibilities between the DTA, buyers and sellers clearer.
  • Refreshing the information and education made available to agencies about the SSAs, including any agency obligations.

Improving reporting and transparency

5.151 Effective reporting is central to maximising the value of established contractual arrangements, ensuring transparency, accountability, and informed decision-making. In pragmatic consideration of ‘what gets reported gets managed’, tracking metrics related to contract spend, product and service utilisation, and broader procurement trends are key. Ongoing reporting on contract expenditures and usage patterns allows agencies to assess whether agreements remain fit for purpose, identify areas for optimisation, and ensure that negotiated benefits - such as volume discounts or strategic flexibility - are being fully leveraged. 

5.152 The DTA actively undertake a range of surveys to obtain periodic feedback on the use of the SSAs, including surveys ahead of the renewal of the SSAs to inform contact negotiations. These insights are used to inform continuous improvement.

5.153 The review identified the following in respect of current reporting capability:

  • There is poor visibility of whole of Australian Government spends for some of the SSAs, and of the spends by other non-Australian Government buyers, with no single source of truth.
  • Discounts realised are difficult to quantify, limiting the DTA's ability to track a key benefit of the SSAs. (Being able to track and measure benefits is a key attribute of the DTA's Benefits Management Policy.)
  • There is limited visibility of the use of products or services (e.g. a consolidated list of licences purchased under the SSAs utilised across the Australian Government), limiting DTA's visibility of where value can be further optimised. This ongoing visibility will also support periodic contract reviews, enabling greater traceability of what was initially agreed with sellers comparative to what is actually occurring.

5.154 Improving reporting will also make future negotiation better informed and consistent, with further discussion in the Get timely, accurate data section of this report. By maintaining a structured reporting framework, government entities can proactively manage seller relationships, align procurement with operational needs, and drive continuous improvement.

5.155 In respect of performance reporting of the sellers, the review noted that this is managed mostly at the agency level, with limited overall reporting undertaken by the DTA in respect of the SSAs. In turn, this limits the DTA’s ability to address emerging issues, drive the right outcomes, and monitor the realisation of value from the SSAs.

5.156 Monitoring the aggregate performance of the sellers against the published framework, supported by ongoing feedback from buyers, will provide insight that can assist in ensuring the SSAs remain fit-for-purpose and continue to contribute to achieving value for money. 

5.157 Potential key performance indicators or key result areas which could be implemented are depicted in the following graphic:

The figure shows SSA performance reporting. Refer to the accordion for Figure 25 for a long description.
 Figure 25 SSA performance reporting

Transformation vision

Purpose, business case and benefits 

For a digital project to contribute to agency effectiveness and service delivery, the business purpose that the transformation project facilitates needs to be clearly articulated and supported. Delivery confidence can be higher where there is a transformative vision that people rally around.

The Data and Digital Government Strategy sets the vision for the Australian Government’s use of data and digital technologies to 2030. 

The purpose and vision for a transformation should be supported by a strong business case, with clear outcomes and scope that is aligned with the needs of the business area.

Financial and non-financial benefits and disbenefits should be defined and actively monitored, and project scope should be aligned with achieving benefits and minimising impact.

Purpose

High

A clear and unambiguous purpose that is inspiring, consistent across stakeholder groups and meets stakeholder needs.

Off
Medium high

A purpose that broadly represents stakeholder needs and interests.

Off
Medium

A purpose has been developed, but with limited consultation or commitment from the business area it will impact.

Off
Medium low

A purpose that doesn’t accurately or consistently represent business needs.

Off
Low

A technology-centric purpose or misalignment on the purpose.

Off

  • A clear and unambiguous purpose that is inspiring, consistent across stakeholder groups and meets stakeholder needs.

  • A purpose that broadly represents stakeholder needs and interests.

  • A purpose has been developed, but with limited consultation or commitment from the business area it will impact.

  • A purpose that doesn’t accurately or consistently represent business needs.

  • A technology-centric purpose or misalignment on the purpose.

Delivery Confidence Assessment (DCA) tolerances

DCA tolerances

High

Business case shows robust consideration of options, clear rationale for the project, detailed and realistic estimates for cost and time, and measurable success criteria.

Off
Medium high

Business case shows consideration of options, rationale for the project, estimates for cost and time, and measurable success criteria.

Off
Medium

Business case shows limited consideration of options, rationale for the project, estimates for cost and time, and success criteria.

Off
Medium low

Business case largely makes an argument for one option, without fair consideration of alternatives.

Off
Your responsibilities

To successfully meet this criterion, agencies will need to:

  • design for interoperability
  • join up services.
Off
Low

Limited or no business case.

Off

  • Business case shows robust consideration of options, clear rationale for the project, detailed and realistic estimates for cost and time, and measurable success criteria.

  • Business case shows consideration of options, rationale for the project, estimates for cost and time, and measurable success criteria.

  • Business case shows limited consideration of options, rationale for the project, estimates for cost and time, and success criteria.

  • Business case largely makes an argument for one option, without fair consideration of alternatives.

  • Limited or no business case.

Next page: Governance and leadership

Connect with the digital community

Share, build or learn digital experience and skills with training and events, and collaborate with peers across government.

Join the Digital Profession