Guide to Open Source Software for Australian Government Agencies
Preparing a procurement plan
As open source has matured and become more sophisticated, so has the procurement process. Current industry best practice suggests that an organisation should, as far as possible, procure OSS tools with the same processes and mechanisms it uses for other ICT solutions.
Evaluating the business case
Open source software is now broadly accepted and supported by many major ICT vendors. This broad acceptance means the presence of OSS is likely to grow in many areas of the public sector in coming years. Mainstream adoption of open source software makes it possible for more agencies to safely consider its adoption.
This guide is not intended to either advocate or reject OSS products. However, for agencies considering OSS solutions on the merits, this section provides advice on issues the agency should consider when evaluating the business case for OSS solutions. Where necessary, it highlights differences between open source and proprietary software. This is designed to assist agencies to quickly understand the unique value proposition of both types of software.
Decisions about open source software should be made according to the same metrics and decision-making processes that are used for other ICT solutions. The primary considerations are fitness for purpose and value for money. Agencies should consider open source software on its merits, disregarding any industry fads or novelty value.
One issue to consider is the perceived viability of OSS technology. As OSS has a relatively new presence in industry and government, some agencies may be apprehensive about considering OSS-based solutions. To ameliorate such concerns, it should be noted that many government computer systems already run some form of open source software. For example, many agencies already use server, router and firewall systems based on open source implementations of the TCP/IP protocol for Internet communications. Furthermore, many transactions that occur through the Internet do so on open source platforms such as Apache, Linux and MySQL. See ‘Typical concerns about OSS software’ for further discussion of this issue.
Some agencies may have a natural affinity for open source software and they are likely to make a stronger business case for OSS products. For example, agencies that have used Unix computer operating systems for many years may feel comfortable using Linux, an OSS operating system that shares many characteristics with Unix. In contrast, other agencies may not have the technical expertise and comfort levels to make the same business case.
As part of the process of determining the business case for a particular ICT project, agencies need to define core project attributes and other imperatives for consideration. This includes titles, descriptions, scope of target usage group(s) and project plan mechanics such as test and launch timetables.
After articulating objectives for the procurement of an ICT solution, agencies can review some of the attributes that may be intrinsic to OSS products to determine their applicability.
The following scenarios illustrate this process in action.
Procurement scenario examples
Increasing longevity of document accessibility
In this example, an agency has a business objective to maintain long-term access to its electronic documents. The agency may mandate the adoption of open standards formats to be used for the long-term archiving of documents. This mandate may be defensible if the specific requirement is defined as: “We want to ensure we can retrieve all archived documents in the medium to long term.” A document format based on open standards is selected for this purpose. If an open source solution can be shown to implement the standards-based document format, then it can potentially deliver the mandatory outcome. The OSS-based solution can therefore be considered for procurement.
Maximising network interoperability
Let’s consider another example, this time relating the adoption of network communications protocols. An agency launches a project with the objective of reducing interoperability problems between products from different vendors. The desired outcome is proper system-wide operation among disparate components for the full operational lifecycle of the procurement. The project presents several risks. Unless vendors adhere to well-defined, open industry standards their communications protocols may diverge in future product releases. This could cause considerable compatibility and security problems for the agency and has the potential to lock the agency into a particular vendor’s technology. However, if there is at least one viable open source contender, which adheres to open standards, the agency could deploy this to ensure the ongoing standards compatibility of the network environment. In this case, the OSS solution enables the agency to fulfil the project’s risk mitigation requirements.
Defining business requirements and priorities
In many aspects of the procurement process, open source solutions are little different to proprietary software. The procedures and decisions that an agency buyer needs to undertake are often similar or identical. This is certainly the case when it comes to defining business requirements and priorities for an ICT solution.
A Guide to ICT Sourcing provides an overview of the principal issues agencies need to consider when procuring solutions. Refer to that guide for a complete explanation of these issues; this section outlines some of the most important elements of the requirements phase. In most circumstances, the top priority is continuity in the agency’s business processes: ensuring the continuous operation of computer and network systems that an agency requires to deliver services to citizens and government.
Other factors that an agency might take into account when considering a new ICT system include:
- Making business processes more efficient and simple;
- Lowering technology costs;
- Simplifying ICT tools, processes and operations;
- Rationalisation of ICT platforms and systems;
- Standardisation of ICT platforms and systems;
- Decreasing risk exposure;
- Decreasing exposure to security issues;
- Making the agency’s business platforms more robust;
- Reducing the impact of system failures; and
- Increasing platform diversification to reduce the risks of systemic failure.
Sourcing issues to consider
Agencies need to address a number of issues before they can make decisions about sourcing options in projects where open source software is judged to offer a viable solution. Some of these questions apply only to in-house sourcing scenarios, while others are applicable across all sourcing scenarios. Issues that agencies need to consider include:
- The agency’s level of in-house expertise and comfort with the technologies involved;
- The complexity of migrating from existing platforms or applications to an OSS equivalent;
- The cost and complexity of changes required to data, systems integration, network protocols and document formats; and
- The level of re-training needed for staff to use the new solution.
These issues are not unique to open source solutions; many apply to any ICT project that introduces changes to established business procedures. These issues are only part of a larger migration process. A Guide to ICT Sourcing recommends that agencies establish a transition or termination strategy for any sourcing initiative. This should cover service-level agreements, contract governance arrangements, transition of IT resources and other salient issues.
Writing inclusive RFTs
Request for tender (RFT) documents are an essential part of sourcing ICT solutions from external vendors. Agencies need to take care to avoid introducing unintentional barriers that may discourage or inhibit open source vendors and resellers from submitting responses. These barriers normally take the form of specifying proprietary products by name or stipulating interoperability requirements that are not based on open standards.
To ensure RFT documents do not exclude any viable products offered by vendors, we suggest the following simple rules:
- Avoid specifying products by name (for example, “the solution must be delivered using product x”);
- Where possible, specify what interoperability requirements are required (for example, “must be able to read documents in this format” or “must be able to share files with these products”);
- Where possible, avoid specifying brand keywords or trademarks (for example, “must offer BrandName® thumb-scanning”);
- Instead, articulate generic attributes and functions as part of your requirements (for example, “must be able to work with standards-based thumb-scanning hardware”); and
- Avoid specifying proprietary or exclusionary standards where possible. See Appendix B for more information on open standards;
- Where possible, specify open and vendor-neutral standards.
Defining selection criteria
A Guide to ICT Sourcing provides a comprehensive overview of the typical selection criteria that agencies need to incorporate and consider as part of their procurement plan. The issues covered include:
- Vendor’s ability to deliver the service;
- Establishing service levels together with metrics and processes for assessing services;
- Transition plan;
- Cost proposal;
- Compliance with bidding process;
- Quality of proposed vendor staff; and
- Vendor profile.
The selection criteria established by A Guide to ICT Sourcing apply equally when sourcing OSS. Agencies should consider each potential supplier’s relative maturity and credentials to deliver the proposed solution. As many agencies lack experience in procuring open source solutions, the next section presents a brief overview of the OSS market.
Assessing the value of OSS solutions
To assist agencies in assessing the value of OSS-based ICT solutions, the Australian Government Information Management Office (AGIMO) has developed the Demand Assessment Methodology (DAM) and Value Assessment Methodology (VAM). Demand and Value were chosen as the two most important criteria in assessing a potential ICT application or service from the perspective of end users and customers.
Demand assessment forces the agency to start with the end user and determine the nature of their needs and how they might be best addressed. Value assessment is a more traditional evaluation, typically centred upon costs and benefits. In the case of government, value considerations also need to take account of social and governance implications as well as intangible benefits.
The DAM and VAM models assist agencies in developing transparent and auditable assessments of demand and value propositions for government online programs. These propositions underpin the business case and assist in substantiating the viability of the initiative. They should also be used to justify resource investment and demonstrate transparency and accountability. The two methodologies provide for a consistent approach across agencies.
For further information, see Demand and Value Assessment Methodology .
A Guide to ICT Sourcing provides Australian Government agencies with an overview of the various guidelines, documents and regulations that agencies need to understand when preparing a procurement plan. This section presents a brief overview of these requirements; refer to Appendix B of A Guide to ICT Sourcing for further information.
Financial management and accountability
For Australian Government agencies, the Financial Management and Accountability Act 1997 (commonly known as the FMA Act) specifies the legal framework for the expenditure of public money. This framework incorporates legislation, regulations and guidelines that set out procedures and requirements for proper accountability and auditing of public expenditure.
For more information, see FMA Legislation.
Procurement and best practice guidelines
The Commonwealth Procurement Guidelines (CPG) establishes value for money as the guiding principle for Australian Government procurement processes. Agencies are free to define their own procurement practices provided they comply with this guideline and all relevant government administrative requirements covering ICT purchasing.
Agencies must ensure they:
- Comply with the procurement procedures outlined in the CPG;
- Comply with additional requirements established through Chief Executive Instructions (CEIs); and
- Understand their accountability obligations to their Minister, the Government, the Parliament and the public.
In addition, the Procurement Policy Framework provides guidance on:
- Value for money;
- Efficient, effective and ethical use of public resources;
- Accountability and transparency; and
- Industry development requirements.
For more information, see the Commonwealth Procurement Guidelines.
Chief Executive Instructions (CEIs)
Within an agency, CEIs are the primary source of information and operational guidance for Procurement Officers. These instructions provide an agency-specific financial management framework for procurement.
See A Guide to ICT Sourcing for further details about CEIs.
ICT Mulit-Use List (ICTMUL)
The ICT MUL is a list of ICT suppliers that Australian Government agencies can use to source ICT goods and services and to select tender.
Australian Government agencies are not required to use the ICT MUL for their procurements. Read about the Australian Government's Procurement Framework.
Suppliers of ICT products and services can register to be included on the ICT MUL. Inclusion on the ICT MUL does not imply that the Australian Government endorses the use of that supplier's product or services.
Security is an important consideration in the procurement of any ICT solution. In general, agencies themselves remain accountable for the security and efficiency of any function that is sourced through an external service provider. The provider is required to meet the levels of security that were established for that function.
For more information, see the Attorney-General’s Department website and the Defence Signals Directorate website:
Government Information Technology and Communications (GITC) contracting framework
The Government Information Technology and Communications (GITC) contracting framework is a legal framework established by the Australian Government to provide standard terms and conditions for the purchase of ICT goods and services. The GITC provides models for a head agreement, terms and conditions, contract details and appendices. These allow agencies to construct an appropriate agreement with vendors with greater efficiency.
For more information, see the Department of Finance and Administration’s GITC website:
Contact for information on this page: SourceIT@finance.gov.au