Posted July 23, 2012
Response to the Email Transformation Initiative Request for Information
Solicitation No. 2B0KB-123327/B
Contact: Cindy Baker
Director, Government Relations
220 Laurier Avenue West
Ottawa, ON K1P 5Z9
Phone: 613-606-1860, Email: firstname.lastname@example.org
July 23, 2012
The Information Technology Association of Canada (ITAC) is pleased to provide this submission in response to the Shared Services Canada’s Letter of Interest on its Email Transformation Initiative. ITAC supports the Government’s plan to consolidate IT services to achieve improved service, security and cost savings.
ITAC is the voice of the Canadian information and communications technologies (ICT) industry. ITAC represents a diverse ICT community spanning telecommunications and internet services, ICT consulting services, hardware, microelectronics, software and electronic content. ITAC's community of companies accounts for more than 70 per cent of the 572,000 jobs, $140.5 billion in revenue, $6.0 billion in R&D investment, $31.4 billion in exports and $11.4 billion in capital expenditures that the ICT industry contributes annually to the Canadian economy. ITAC is a prominent advocate for the expansion of Canada's innovative capacity and for stronger productivity across all sectors through the strategic use of technology.
ITAC recognizes that many of our members will respond directly to the Letter of Interest with detailed and specific comments on the questions posed therein. As such, our comments will focus on only those general themes related to industry concerns and our Association’s priorities. We would like to thank you for this opportunity to provide input, and applaud SSC for the collaborative approach it is taking on this initiative.
Theme 3: Security Requirements
ITAC fully supports the Shared Service Canada’s commitment to improving security as it consolidates its Email Solution. As outlined in the RFI, Email is a “known major threat vector”, and there are serious concerns about the impact of cyber threats on the ability to protect personal data and Canada’s national security.
Clearly, the Government of Canada has a duty to take measures to protect confidential and personal information. Fundamentally, an effective way to do this is to implement a comprehensive and ongoing IT security program, based on the principles outlined in the ITSG-33 draft document, being developed by Communications Security Establishment Canada (CSEC). The RFI notes, on page 15, that email security has traditionally been addressed on an individual departmental or agency basis. However, it is imperative that the type of lifecycle approach outlined in ITSG-33, containing information security controls for the technical, operational and management sectors, be fully adopted by all Departments using the consolidated Email solution. We will leave it to members to comment on the questions regarding specific security measures and the business model for implementing them. Overall, the implementation of a consolidated, lifecycle program will have a significant impact on the Government’s ability to safeguard confidential data.
Theme 8: Small to Medium Enterprise Socio-Economic Considerations
ITAC supports the development of innovative SMEs that can support Canadian federal initiatives. Sixty-five per cent of our members are SMEs and 60% are Canadian-owned. Our larger members work with SMEs across Canada to provide IT solutions to the Government of Canada, provincial and municipal governments. SC can encourage partnership between highly-skilled, experienced firms and innovative Canadian SMEs to develop the business and relationship models that support innovation. SSC can build this requirement into the procurement process. As an example, large organizations acting as the prime supplier for a large procurement, such as Email Transformation, can be required to use SMEs in the service delivery by, for example, committing that a certain percentage of the overall contract value be delivered through Canadian SMEs. Another option is to provide rated points for Bidders that propose to use Canadian SMEs in the performance of the Contract.
Theme 10: Proposed Procurement Approach:
ITAC supports the Collaborative Procurement Solution, as proposed by Shared Services Canada (Q44). A win-win relationship occurs when the objectives and the strategy for procurement are clear and realistic for both sides. This can be achieved through early, ongoing and effective engagement with industry. The “win-win” happens when the final procurement reflects the results of a thorough consultation. A collaborative culture, such as this, will ultimately lead to improved partnerships, greater innovation, and successful results.
As well, ITAC agrees with the recommendations of the Jenkins report in that SSC should seek to define the desired outcome of a procurement and allow industry to respond with solutions, supported by recommended performance measures and benefits realization criteria (Q45). Moreover, the evaluation of bids should be based on overall value. The procurement process must focus on the problem to be solved, rather than prescribing detailed specifications. The Email Transformation initiative is an opportunity for Shared Services Canada and the Government of Canada to evolve to a new services paradigm.
With regard to Questions 53 to 55, we encourage Shared Services Canada to pay particular attention to the terms and conditions to be included as part of the RFP and the resulting contract process. Given the size and scope of this procurement, the adoption of contractual requirements which are contrary to commercial agreements and corporate governance laws, could have the effect of limiting the number of quality bids received.
A key example of this is the proposal for unlimited liability to minimize the risk of a security or privacy breach due to vendor negligence and due to a vendor being compelled by a foreign nation to hand over email information owned by the Government of Canada. ITAC and its members clearly take very seriously the need to protect confidential and personal information owned by the Government of Canada. As well, we fully agree that the Contractor must adhere to all security requirements in the contract and, if they do not, be subject to related remedies (to be discussed during the RFP refinement phase). However, the concept of unlimited liability is problematic in today’s corporate governance environment. It is not possible for a company to purchase insurance for uncapped liability. As such, corporate officers would not be permitted to sign off on unlimited corporate exposure in an environment where future techniques for cyber attacks can not necessarily be foreseen, and the limits to the use of the U.S. Patriot Act have yet to be tested.
ITAC has previously worked with PWGSC and Treasury Board Secretariat and achieved an agreement for a limitation on liability in IM/IT projects. Under that agreement, the Contractors would not be held liable for special, indirect or consequential damages, or for liability for damages of third parties, except in limited and specified circumstances. As well, it was agreed that first party liability for direct damages would be capped in the Contract. We will leave it to potential Bidders to propose details and a cap that would be appropriate for this procurement and in the current corporate environment.
In general, to achieve the most success, an enterprise purchasing model for the Government of Canada should align as much as possible with commercial enterprise agreements and practices. We recommend that a detailed discussion of contractual terms and conditions occur during the “Review & Refine Requirements Phase” of the procurement process. As well, Shared Services Canada should enter into early negotiations with the successful Bidder to allow the supplier to leverage its standard agreements. In doing so, taxpayers will benefit from maximum competition among suppliers, access to the fullest range of possible solutions and innovation, and the best possible pricing.
ITAC appreciates the opportunity to provide input on this precedent-setting procurement process. We fully support the collaborative procurement approach and trust that it will produce successful results.
We would be pleased to provide any further information, as needed.