- Category 1 - ICT Planning, Consultancy and Advisory Services
- Category 2 - ICT Implementation Services
- Category 3 - ICT Operations and Management Services
- Out of scope activity
- Buying rules
- Other policy requirements
- Insurance and Risk Levels
- Intellectual Property
- Who supplies what?
- What will it cost?
- How do I buy?
- After I buy
The Information and Communications Technology (ICT) Services Common Use Arrangement (CUA) is designed to facilitate the procurement of services where ICT is central to the achievement of a deliverable or outcome.
CUAICTS2021 offers a streamlined procurement process through flexible buying rules and simplified quotation templates.
The contract has three broad categories and a large range of contractors to choose from to meet agency requirements for ICT Services.
- Category 1 – ICT Planning, Consultancy and Advisory Services
- Category 2 – ICT Implementation Services
- Category 3 – ICT Operations and Management
Entities listed in the Approved register of who can buy from CUAs (formerly, the Approved CUA Users List) may buy off this CUA.
The following contract values and locations under this CUA are:
For State Agency procurements in the Perth region if the estimated contract value of the procurement exceeds $50,000 (up to $10,000,000)
- For procurements under $50,000
- For procurements in the regions
- For procurements by other approved CUA users
Where the CUA is non-mandatory you may:
- Purchase under the applicable CUA from a CUA contractor; or
- Exercise your discretion to purchase outside the CUA, and purchase in accordance with Western Australian Procurement Rules and Buy Local policy.
Before you buy, also check that your purchase falls within your organisation's procurement policies.
Applicable General Conditions of Contract
The General Conditions of Contract (August 2019) applies to this arrangement.
Category 1 - ICT Planning, Consultancy and Advisory ServicesShow more
For planning, consultancy and advisory services in which ICT is central to the requirement. Services include but are not limited to:
- Program identification and preparation services for digital transformation, including readiness planning.
- The planning and development of strategic business goals, including holistic digital transformation, ICT technical architecture, enterprise architecture, and migration plans/strategies.
- ICT program and project specification and selection (e.g. assistance in forming an ICT solution statement of requirements).
- Research and analysis into best practices, industry trends and strategic advice based on findings.
- Design and development of strategies to manage risks, including business change management and disaster recovery planning.
- Assistance in relation to procurement, transition, integration and delivery of ICT services.
- Project and portfolio governance advice, such as efficiency assessments.
- Assessment of security threats, risk and vulnerabilities to develop cyber security initiatives (e.g. policy and standard development, awareness training).
- Development of ICT business cases.
Deliverables or outcomes under this category may include plans, reports, transition, workshops, ICT policy advice and feasibility studies, and associated services including consultancy, assessments, reviews and recommendations.
Category 2 - ICT Implementation ServicesShow more
For the implementation of ICT related solutions including corporate applications, in-house business applications, web-based e-business, ICT infrastructure and digital or cloud-based systems.
The category includes solution implementation inclusive of design, configuration, customisation, installation, data migration, testing and training. Services include but are not limited to:
- Project and program delivery and implementation services, e.g. for cloud transition and digital transformation.
- The analysis, detailed design, development, and initial setup of solutions.
- Architectural governance and design.
- Data conversion, cleansing and migration onto cloud solutions.
- The development of system manuals or guides.
- Implementation of content management tools, including configuration if required.
- Application development, deployment and integration services.
- Set up of usage and monitoring reporting.
- Initial application testing.
- Initial infrastructure testing for security/vulnerabilities (penetration testing, integration testing etc).
- Information security and cyber security solution/initiative implementation.
Deliverables or outcomes under this category can include the development, configuration and implementation of applications, software, websites, programs, system manuals and reports.
Category 3 - ICT Operations and Management ServicesShow more
For ongoing operation, support, maintenance and/or management of an ICT solution.
The ICT solution may be infrastructure, platform or application based and deployed as on-premise or outsourced based model solutions.
Services include but are not limited to:
- Installation and configuration of support applications and services.
- Ongoing system and environment testing.
- ICT environment management, optimisation, monitoring and analysis.
- Data protection and systems recovery management.
- Digital workplace service management.
- Database and data management services.
- Maintenance agreement initiation and administration.
- Security incident monitoring and response.
- Ongoing security compliance reviews including vulnerability testing.
- Business intelligence, monitoring and predictive analytics.
Deliverables or outcomes under this category would be for ongoing maintenance of the relevant ICT environment.
Out of scope activityShow more
Purchasing of the following is out of scope of CUAICTS2021:
- ICT hardware, including but not limited to computing, storage and network infrastructure, audio/visual hardware and telecommunications infrastructure and ongoing or extension of the purchased hardware’s maintenance.
- Proprietary software products inclusive of on premise and Software as a Service (SaaS), and ongoing or extension of proprietary software maintenance.
- Private, hybrid or public cloud services including Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and SaaS.
- Licensed and/or Licences for subscription based services.
Refer to the How do I buy section for additional guidance on purchases that include Product related services or services available on other CUA’s such as:
- ICT Services or GovNext-ICT?
- ICT Services or Temporary Personnel Services?
Buying rulesShow more
Information and Communication Technology Services (CUAICTS2021)
|Monetary threshold (inclusive of GST)||Minimum buying rules for ICT Services CUAICTS2021|
|Up to $50,000||
Use of CUAICTS2021 is discretionary.
State agencies may determine the most appropriate procurement method (e.g. direct sourcing, or verbal or written quotations) based the nature of the market, risk, complexity and in accordance with the minimum requirements of the Western Australian Procurement Rules
|$50,001 to $250,000||Request a minimum of two (2) quotes from CUA contractors meeting the minimum insurance cover for the Customer’s assessed Risk Level.|
|$250,001 up to $10,000,000||Request a minimum of three (3) quotes from CUA contractors meeting the minimum insurance cover for the Customer’s assessed Risk Level.|
|$10,000,001 and above||Open tender|
Buyers must publish all contract award details on Tenders WA where the contract is valued $50,000 or more.
Buying Rules Amazon Web Services CUAAWS2020
Buyers wanting to purchase Professional Services from CUAAWS2020 the following buying rules apply.
|Monetary threshold (inc. GST)||Minimum buying rules for CUA AWS2020|
|Up to $50,000||Direct purchase|
|$50,001 to $250,000||Request a quote from AWS and a minimum of one (1) additional quote from AWS Partners under the ICT Services CUA*.|
|$250,001 to $10,000,000||Request a quote from AWS and a minimum of two (2) additional quote from AWS Partners under the ICT Services CUA*.|
*Note: Only AWS Direct purchases are within scope of this CUAAWS2020. Any quotes accepted from AWS partners under CUAICTS2021 are within scope of CUAICT2021.
Other policy requirementsShow more
State agencies should be aware of the following requirements under Western Australian Procurement Rules as they apply to purchases from this CUA. The below table is a summary of the requirements, and State agencies are encouraged to review the WA Procurement Rules.
|Requirement||WA Procurement Rules|
|Buyers must prepare a procurement plan and submit it to the State Tenders Review Committee.||
Yes, for all contracts with a Total Estimated Value of $5 million and above (WA Procurement Rule C3(1)), unless the State agency is not required to do so under WA Procurement Rule C3(3).
|Buyers must involve the Department of Finance.||Yes, where the Total Estimated Value of the proposed procurement is $250,000 or above.|
|Buyers must obtain approval from an authorised officer of the Department of Finance to purchase through an alternative arrangement to this CUA.||
Yes, for all values and delivery locations where the purchase of goods and / or services under the CUA are mandatory (WA Procurement Rule C2.2).
Please note that State agencies are not required to request advice or approval from the Department of Finance, regardless of value, to purchase from an ADE or an Aboriginal Business (WA Procurement Rule C2.2).
Request Development and Contract Formation
|Requirement||WA Procurement Rules|
|Buyers must prepare an evaluation report.||
An evaluation report must be developed for all Procurements valued $50,000 and above (WA Procurement Rule D7(1)).
The detail of an evaluation report must be commensurate with the value, risk and complexity of the Procurement (WA Procurement Rule D7(2)).
|Buyers must submit an evaluation report to the State Tender Review Committee.||
Yes, for all contracts where the Total Estimated Value is $5 million or above (WA Procurement Rule D7(3)), unless the State agency has not been required to submit an evaluation report under WA Procurement Rule D7(4).
|Buyers must publish details of their purchase on Tenders WA.||
Yes, for all contracts valued $50,000 or more (WA Procurement Rule D8.1), unless the State agency is not required to do so under WA Procurement Rule D8.2.
|Buyers must record the purchase on the agency’s contract register, as instructed within the buying agency’s financial management manual.||Yes, for all contracts valued at $50,000 or more (WA Procurement Rule F5), unless alternative arrangements have been approved under WA Procurement Rule F5(6).|
|Requirement||WA Procurement Rules|
|Buyers must prepare a contract management plan.||Contract management or project management plans must be developed for all contracts with a Total Estimated Value of $5 million and above (WA Procurement Rule E1(1)), unless exempted under WA Procurement Rule E1(2).|
|Buyers must publish details of contract variations on Tenders WA.||State agencies must publish variations on Tenders WA in accordance with WA Procurement Rule E3.1.|
|Buyers must seek advice from the Department of Finance on variations.||State agencies must seek written advice from the Department of Finance if the Variation(s) individually or cumulatively:
Exemption from using this CUA
Finance is responsible for processing and approving all requests from State agencies seeking exemption from using a mandatory CUA. Requests for an exemption are considered on a case-by-case basis, and a requesting agency must be able to demonstrate that a business need cannot be adequately met by the relevant CUA.
Exemption requests should be directed to the Assistant Director Procurement Frameworks through an email to the contract manager in the first instance. Requests for exemption may be received by posted letter or email, but must be in writing and provide sufficient explanation and background to enable the request to be considered. The requesting officer should be the Accountable Authority or delegate of the agency.
For guidelines on what to include in an exemption request, please refer to the Purchase from a CUA or my Agency’s Panel Arrangements Guideline
Insurance and Risk LevelsShow more
For each Customer Contract, customers should assess the applicable risk level. Quotes may only be sought from contractors with the minimum insurance cover as specified in the table below.
|Risk Level||Key Risk||Minimum Insurance Cover||Examples|
|Low Risk Contracts||Errors and omissions in the advice provided which is covered by Professional Indemnity insurance.||
Professional Indemnity $1m
Public Liability $10m
|The majority of activities under Category 1 - ICT planning, consultancy and advisory services but not limited to this category such as providing research on cloud service provider options or perform an audit of the ICT system.|
|Errors and omissions in the advice provided which is covered by Professional Indemnity insurance.||
Professional Indemnity $5m
Public Liability $10m
|The majority of activities under Category 2 - ICT implementation services but not limited to this category such as perform an upgrade to a customer’s in-house system.|
|High Risk Contracts||Mainly Cyber and liability risk exposures e.g. network intrusion, loss of records, business interruption, and network mismanagement.||
Professional Indemnity $5m
Public Liability $20m
|The majority of activities under Category 3 - ICT Operations and Management Services but not limited to this category such as ongoing management or a cloud-based ERP solution.|
Based on the scope of the Customer Contract and the assessed risks, Customers may require and request the following optional insurances in their Order Forms:
- Cyber (Technology) Liability
- Motor Vehicle Third Party
- Compulsory Third Party
State Agency buyers can also refer to the CUAICTS2021 – Procurement Guide for a summary of the minimum requirements based on the estimated value of a Customer Contract.
Cyber (Technology) Insurance Guide
Cyber (Technology) Insurance is an optional insurance under CUAICTS2021 that agencies may require a contractor to hold. It is designed to protect organisations against the costs/claims incurred as a result of a cyber-attack and an organisation's liability arising from cyber incidents such as a data breach in which personal information the organisation is responsible for is exposed or stolen.
Typical costs incurred include:
- Business interruption expenses (Loss of income and operational expenses due to network interruption)
- Response & data restoration costs
- Legal fines & penalties
- Legal Expenses
- Extortion/Ransom costs
- Third Party Liability
State agencies’ Cyber Risk cover
Responsibility for identifying and managing cyber risks, including funding the costs associated with cyber-attacks, rests primarily with agencies. The Insurance Commission of Western Australia (ICWA) provides Cyber Risk cover to State agencies insured in the RiskCover Fund and can be consulted on this matter.
Cyber (Technology) Insurance when procuring ICT Services
Buyers procuring ICT services need to determine if contractors should be required to hold cyber insurance. It is highly recommended that expertise in cyber risk be obtained to identify, through a risk assessment, to what extent a contractor may have responsibility for cyber risks and to identify an appropriate level of insurance required of a contractor. Buyers should also review the WA Government Cyber Security Policy.
Things to consider when requesting Cyber (Technology) Insurance
Contractors may have cyber insurance coverage included in their professional indemnity insurance policies. Therefore seeking separate cyber insurance policies may not be necessary.
Cyber Insurance policies can be very expensive, and limitations may be placed on claims. Unnecessary or excessive level of cover may affect the competitiveness of quotes in ways such as:
- Reducing the number of potential offers (particularly SMEs)
- Increasing prices through insurance costs being passed on to the customer; or
- Increasing procurement timeframes due to departures to insurance conditions having to be negotiated.
Before you request Cyber insurance consider the following;
- The scope of the services required under the contract, as not all ICT contracts will require cyber insurance.
- Undertake a risk assessment to adequately assess the level of residual exposure to cyber liability risks. A risk assessment will help in assessing:
- the financial impacts arising from the procured services:
- level of insurance and liability capping; and
- if specific cyber insurance is required for the service.
- Assess the potential commercial impact that any cyber insurance requirements may have on the resulting contract.
- Prior to releasing the Request for Quote to market, consult with potential respondents to identify what levels of insurance they currently have in place.
- Cyber insurance pays for losses/claims and should not be considered as the final risk mitigation control, nor the primary control for cyber risk. Effective ICT governance and security controls are the most effective risk mitigation strategies.
When seeking quotes buyers should take into consideration the Risk and Insurance cover required as specified in the table below:
|Risk Level||Cyber Insurance Cover||Risk and Insurance Considerations|
Low Risk Contracts
Category 1 Services
Category 1 services are consultancy and advisory in nature and as such the main insurable risk exposure is Professional Indemnity.
However, State agencies need to be aware that in some instances, insurers may apply cyber exclusions under Professional Indemnity, therefore, State agencies should check with the Contractor whether their Professional Indemnity insurance has any cyber exclusions.If there are cyber exclusions, undertake a risk assessment to determine whether there is a need to include Cyber insurance.
|Medium Risk Contracts||
Category 2 Services
State agencies should consider doing a risk assessment for the following services under Category 2 to determine the insurance limits:
Other services under Category 2 may not require a risk assessment unless the State agency considers it appropriate for a risk assessment to be undertaken, as the services may be covered under Professional Indemnity.
However, State agencies need to be aware that in some instances, insurers may apply cyber exclusions under Professional Indemnity, therefore, State agencies should check with the Contractor whether their Professional Indemnity insurance has any cyber exclusions.
|High Risk Contracts||$5million minimum||
Category 3 Services
The majority of the services in Category 3 have a Cyber exposure.
State agencies should therefore determine Cyber insurance limits by undertaking a risk assessment for the following services:
Assistance from the Office of Digital Government
The Office of Digital Government’s Cyber Security Unit can assist you with providing advice on cyber risk management.
They host a range of information online that can assist you with the decision process.
Intellectual PropertyShow more
Under the CUAICTS2021 Head Agreement the Contractor is the owner of the Intellectual Property Rights in New Material for the purposes of clause 23.2 of the General Conditions unless otherwise specified by the Customer in the Quote Form.
This grants the Customer an irrevocable, perpetual, royalty-free, nonexclusive license to exercise any or all of the rights of an owner of Intellectual Property Rights in the New Material during the remainder of the duration of the Intellectual Property Rights in that New Material.
Refer to Applicable GCOC to view the Intellectual Property Rights clause in full.
What will it cost?Show more
The cost will vary depending on the combination of categories and/or services being purchased. Buyers will determine pricing directly with Contractors via the quotation process.
Payment by purchasing card
The government purchasing card offers a quick and convenient method of payment allowing goods and services to be efficiently purchased.
Always remember to inform the contractor that you will be paying by government purchasing card, at the time of ordering the product or service, and ensure they clearly understand that they must send the tax invoice directly to you, the cardholder.
How do I buy?Show more
Step by step buying process
The steps below outline the process and recommended documents to establish a Customer Contract:
- Identify the scope and requirements.
- Obtain the necessary approvals to commence the procurement process;
- For Customer Contracts with an estimated value over $250,000, contact the Department of Finance Procurement Representative.
- For Customer Contracts over $5M, contact the Office of Digital Government prior to submitting the Procurement Plan to STRC.
- Select the contractor/s that meet your requirements by browsing the Contractor Catalogue.
- Complete and forward Part A:
- Quote Form to seek quotes and obtain pricing from selected contractor(s) as per CUAICTS2021 Buying Rules.
- Contractor(s) completes, signs and returns Part B:
- Contractor Offer to the Customer by the specified date for consideration.
- Evaluate Contractor’s Offers to determine the best value for money.
- Document your decision making through Evaluation Form.
- Contact and negotiate with selected contractor (if applicable).
- Customer completes and forwards Part C:
- Acceptance of Offer to successful contractor to confirm order.
- Customer notifies unsuccessful contractors and may provide a debrief on request.
- If contract is over $50,000 then publish contract award details on Tenders WA.
- Contractor delivers services.
Time Based ICT Roles
A Time Based Customer Contract will apply where a deliverable or outcome is obtained via a supported ICT role using a maximum daily/hourly rate.
Contractors have stipulated the ICT roles they can offer and can be accessed from the Contractor Catalogue.
Outcome as a Service (OaaS)
Outcome as a Service (OaaS) refers to situations where contractors, for a fee, are responsible for providing end to end solutions. In this Request, this may cover the services within both category 2 and 3. Some category 1 services may also be included within an OaaS offering.
All elements of the OaaS solution will be the responsibility of the contractor including all products and services required to deliver the OaaS.
The contractor offering must not involve customers committing to:
- Owning any proprietary Products during or at the end of the contract (e.g. owning hardware).
- Signing any proprietary Product and Service licence agreements before, during or at the end of the contract (e.g. hardware maintenance agreements, software licence agreements, public cloud service agreements). This is a point of difference with the more commonly purchased cloud hosting and software as a service solutions.
- Any residual components after the contract ends (e.g. a vendor committing to leasing equipment to provide a hosting environment and a cloud service).
Providing it does not conflict with the conditions above, contractor’s may:
- Leverage ICT hardware, cloud services and/or software products to deliver an OaaS.
- Allow customers to enter into service user agreements that underpin the use of software.
CUAICTS2021 does not include direct purchasing of software licenses, equipment, private, public or hybrid cloud hosting. Customers wanting these products and services will use other CUAs where they exist or source via the procurement methods set out in the Western Australian Procurement Rules.
Product related services
Where a State agency is purchasing both products and associated services in the same procurement, they should be purchased in accordance with the procurement methods set out in the Western Australian Procurement Rules or if applicable, under these relevant CUAs:
- Computing and Mobile Devices CUACMD2014
- Microsoft Licenses - Whole of Government CUA150910
- Oracle Products CUA0149312
- Amazon Web Services CUAAWS2020
If the purchase of products requires services, refer to the following guidelines:
|What do I need?||ICTS2021|
|Maintenance and support services included in the purchase/agreement/license of the proprietary products.||No|
|Maintenance and support services not included in the purchase/agreement/license of the proprietary products.||Yes|
|Maintenance and support services for a software solution developed and owned solely by the agency.||Yes|
ICT Services or GovNext-ICT?
The following table may be used as a guide to select between CUAICTS2021 - ICT Services and GovNext-ICT CUAGNICT2015. Where a service is listed as falling under both the ICT Services CUA and GovNext, agencies can choose to procure from either CUA (noting that the GovNext Service Catalogues are live documents for dynamic services and will change from time to time).
|I need to procure network infrastructure||No||Yes|
|I need to test / maintain my existing, self-managed network||Yes||No|
|I need to procure a firewall management service||No||Yes|
|I require assistance managing my existing, self-managed server infrastructure||Yes||Yes|
|I need to procure additional storage||No||Yes|
|I require support for my existing backup solution||Yes||Yes|
|I require a new backup-as-a-service solution||No||Yes|
|I require support managing my server operating systems, including licensing, asset management, installation and configuration management||Yes||Yes|
|I require support managing my desktop operating systems, including licensing, asset management, installation and configuration management||Yes||No|
|I require ICT project or advisory services||Yes||Yes|
|I require support developing my in-house application||Yes||No|
ICT Services or Temporary Personnel Services?
The following table compares the features of CUAICTS2021 - ICT Services and CUATPS2019 – Temporary Personnel Service and may be used as a guide to select the most appropriate CUA:
|ICT Service||Temporary Personnel Services|
|The CUA is for Customers that require Outcome and Time Based ICT services.
The CUA categories are:
1. ICT Planning, Consultancy and Advisory Services
2. ICT Implementation Services
3. ICT Operations and Management Services
|The CUA is for Customers that need an appropriately skilled temporary resource. This resource will be managed by the Customer and is not necessarily required to deliver a completed outcome.
The CUA categories are:
a). Clerical and Administrative
b). Technical & Trades
d). Information & Communication Technology
|Contractors are expected to provide professional support to the individual allocated to the ICT role to enable them to deliver service outcomes for the customer.||Contractors are not expected to provide professional support to the temporary personnel.|
|The responsibility for performance of the individual allocated to the ICT role resides with the Contractor.||The responsibility for performance and outcomes of the personnel resides with the agency.|
|If the individual allocated to the ICT role ceases to be available during the term of the Customer Contract, the contractor will be required to offer a replacement with similar skillsets to complete the service delivery.||Contractors are not obligated to offer replacement personnel.|
For further information on the approved procedures for authorities subject to the Public Sector Management Act 1994 (PSMA) when establishing a contract for service, please see Public Sector Commission’s Approved Procedure 5 (AP5)
After I buyShow more
- Manage your contract term – keep an eye on Customer Contract expiry dates.
- If you extend a Customer Contract, make sure that you obtain and keep a record of any internal approvals required by your agency.
- Test the market on a regular basis to see what the other contractors on the CUA are offering.
- Check invoices for accuracy before authorising payment.
- Monitor contractor performance and deliverables.
- Document any issues as they arise even if they are resolved. This will assist in ongoing supplier performance management.
- If you encounter an issue and you are unable to resolve it directly with the contractor, please contact the contract manager.