[Osia-members] NSW Government Procurement actively discourages use of Open Source

Jack Burton jack at saosce.com.au
Thu Aug 24 19:36:22 AEST 2017


On Wed, 2017-08-23 at 13:39 +1000, Aimee Maree wrote: 
> Daniel, myself and others also helped on the NSW submission.

I think you are mistaken Aimee Maree -- you must be thinking of a
different matter, not NSW ProcureIT.

There was no public submission lodged (at least, not in the way that we
lodged submissions to ACIP, IPAust, DFAT, JSCOT, etc. -- and not while
I was on the board -- and if the current board has lodged a submission
since then, it certainly hasn't been announced).

We did send a document to DFSI on 19 Oct 2015, entitled "Preliminary
comments on NSW ProcureIT v3.2 draft (Module 13 and contract)".

I was the sole author of that document -- nobody else contributed
directly to its drafting, although it was of course reviewed and
ultimately approved by the 2015/16 board as a whole, with some very
brief feedback received and taken into account from both Daniel & Ryan.

Ryan had also been involved much earlier on in the matter (long before
we got to see the early v3.2 drafts), but was no longer working on it
by then. We also had some advice from Brendan on the matter, but again
that was in the very early days, long before we saw the v3.2 drafts.

Other than that, the only OSIA member involved in the NSW ProcureIT
matter was Cameron himself.

As for your involvement, I am certain that you must be thinking of a
different matter (as I recall you worked on many others, but not this
one). My records show that on 20 Nov 2014 you declared a conflict of
interest in relation to the NSW ProcureIT matter and therefore
undertook to abstain from involving yourself in it -- and you always
kept your word on that.

Of course that might not be the case any more, but it was then.

>  There is a copy of it online on our website I believe,

No there isn't, and for good reason. Again, I think you must be
confusing NSW ProcureIT with one of the other government matters we
were working on during that time.

The early v3.2 drafts were shared with us on the condition that we did
*not* make those drafts public. I took great care to ensure that the
board were informed of and did not object to that before agreeing to
it.

There was no point in publishing our report commenting on a document
while we weren't allowed to publish the document we were commenting on.
That is why the "Preliminary comments" report was never put up on the
OSIA website.

That is also why, in the list of papers in the OSIA 2015/16 annual
report, it was listed under the heading "Reports of limited
distribution".

However, now that DFSI themselves have made ProcureIT v3.2 public, I
don't see any problem with OSIA putting the "Preliminary Comments"
report up on its website if the current board wants to. If you no
longer have your copy, just ask and I'll be happy to send it to you
again.

>  in the process of doing a fully audit of OSIA infrastructure and
> documents. What we are wanting to do is to get a system up where we can
> get members feedback on submissions and inputs etc something we didn't
> do as much of in the past.

You mean like this mailing list? or like others set up occasionally in
the past for sub-committees working on specific matters, like
osia-tppa@?

Yes, as a member I agree that it would be very good to see the list(s)
getting more use -- thanks for pursuing this.

> Regarding the new draft I have not seen this yet, I was under the
> impression that it was for contracts over 2million? Will need to check
> the current draft etc myself to see.

This was all covered in various reports to the board in 2015 and 2016.

Not sure about now, but as things stood back then:

* The M13/M13A distinction ("major project" or not) was not based on
price. Rather, it was based on the degree of complexity and risk
associated with the project. This was a substantial innovation on the
part of the NSW Government. Their rationale went something like this:
if you want to buy a million desktop PCs, that's expensive, but it's a
very simple, very low-risk project, so you don't need to take special
care beyond what you'd do for any other procurement. Conversely, it is
easy to see that even a relatively cheap (say, $149k) software
development project might involve the sort of complexity & risk that
warrants more stringent procurement rules, if the purpose of that
software involves an initiative that is particularly complex or risky.

* The Customer Contract long-form/short-form distinction however *was*
based in part on price (contracts valued under $150k) and in part on
membership of the "ICT Services Scheme" (which required
pre-qualification). My understanding is that that distinction remains
the same. AIIA did a lot of work on the short-form contract; we did
very little on it (and I don't recall there being anything as major in
there from our perspective). I focussed on Module 13A and the long-form
contract (and to a lesser extent the definitions in the new Part II).

Hope that helps.

Regards,


-- 
Jack Burton FACS CP <jack at saosce.com.au>
--
Director, Saosce Pty Ltd (OSIA member #50)
Company Secretary, Safecoms Cyber Security Pty Ltd
--



More information about the Osia-members mailing list