From 1 September 2021 suppliers will be required to follow set procedures to report security incidents; and they must have a data management plan if they are to successfully negotiate an ICT contract with a NSW government agency. They may also be required to use specified security software.
As of that date, an updated ICT contracting framework becomes mandatory for high-value (over $1 million) or high-risk procurements undertaken by NSW government agencies.
This framework, released in July 2021, includes two new mandatory use contracts – the Master ICT Agreement (MICTA) and the ICT Agreement (ICTA).
MICTA is similar to the Head Agreement under the previous Procure IT Framework, and ICTA is equivalent to the Customer Contract under the Procure IT Framework.
The key objective of using the new framework is to streamline and simplify contracting. The government believes it has embedded sufficient flexibility in the new framework to suit the requirements of individual procurements.
Robust privacy and security protections for agency data are key features of the new framework.
Default liability is capped at $2M (where the total contract fee is less than $1M), and two times the total contract fee (where the it is above $1M). .
In another major shift, suppliers may be permitted to include certain of their documents into an ICTA contract schedule. However, such inclusions cannot conflict with the core terms of the MICTA/ICTA (such as termination rights).
SMEs have been accorded some special conditions in the new framework. For example, they will be able to seek more favourable treatment of risk than would be available to multinational corporations. This measure is in line the latest NSW SME and Regional Procurement Policy.
While some suppliers will no doubt claim the new framework is an onerous burden, it has been the subject of extensive consultation with the ICT industry and agency stakeholders. As a result, the NSW government is very unlikely to resile from its cyber and data requirements of suppliers and is likely to enforce agency adherence to MICTA/ICTA much more vigorously than it has in the past.