Information and Communications Technology Services CUAICTS2021

Common use arrangement buyers guide for Information and Communications Technology Services CUAICTS2021

The Information and Communications Technology (ICT) Services Common Use Arrangement (CUA) is designed to facilitate the procurement of services where ICT is central to the achievement of a deliverable or outcome.

CUAICTS2021 offers a streamlined procurement process through flexible buying rules and simplified quotation templates.

The contract has three broad categories and a large range of contractors to choose from to meet agency requirements for ICT Services.

  • Category 1 - ICT Planning, Consulting and Advisory Services
  • Category 2 - ICT Implementation Services
  • Category 3 - ICT Operations and Management Services

Entities listed in the Approved register of who can buy from CUAs (formerly, the Approved CUA Users List) may buy off this CUA.

In accordance with Western Australian Procurement Rules, you can buy outside of this CUA and directly source from an Australian Disability Enterprise (ADE) or Aboriginal Business.

Metro and regional

This CUA is mandatory for State agencies in the Perth region if the estimated contract value of the procurement is $50,000 or more (up to $10,000,000).  This CUA is non-mandatory for procurements under $50,000 and for all procurements by State agencies in the regions and other approved CUA users.

If your delivery point is regional WA you may:

  • purchase under the applicable CUA from a CUA contractor. Some CUAs may have contractors that are located in the region/s; or
  • exercise your discretion to purchase outside the CUA, and purchase in accordance with Western Australian Procurement Rules and Buy Local Policy

Before you buy, also check that your purchase falls within your organisation's procurement policies.

Applicable GCOC

The General Conditions of Contract August 2019 applies to this arrangement.

Category 1 - ICT Planning, Consultancy and Advisory Services

Show more

This category caters for planning, consultancy and advisory services as listed below, in which ICT is central to the requirement:

  • Program identification and preparation services for digital transformation, including readiness planning.
  • The planning and development of strategic business goals, including holistic digital transformation, ICT technical architecture, enterprise architecture, and migration plans/strategies.
  • ICT program and project specification and selection (e.g. assistance in forming an ICT solution statement of requirements).
  • Research and analysis into best practices, industry trends and strategic advice based on findings. 
  • Design and development of strategies to manage risks, including business change management and disaster recovery planning.
  • Assistance in relation to procurement, transition, integration and delivery of ICT services.
  • Project and portfolio governance advice, such as efficiency assessments.
  • Assessment of security threats, risk and vulnerabilities to develop cyber security initiatives (e.g. policy and standard development, awareness training).
  • Development of ICT business cases.

Deliverables or outcomes under this category may include plans, reports, transition, workshops, ICT policy advice and feasibility studies, and associated services including consultancy, assessments, reviews and recommendations.

Category 2 - ICT Implementation Services

Show more

This category caters for ICT related applications including corporate applications, in-house business applications, web-based e-business, ICT infrastructure and digital or cloud-based systems.

The category includes solution implementation inclusive of design, configuration, customisation, installation, data migration, testing and training.

Services include but are not limited to:

  • Project and program delivery and implementation services, e.g. for cloud transition and digital transformation.
  • The analysis, detailed design, development, and initial setup of solutions.
  • Architectural governance and design.
  • Data conversion, cleansing and migration onto cloud solutions.
  • The development of system manuals or guides.
  • Implementation of content management tools, including configuration if required.
  • Application development, deployment and integration services.
  • Set up of usage and monitoring reporting.
  • Initial application testing.
  • Initial infrastructure testing for security/vulnerabilities (penetration testing, integration testing etc).
  • Information security and cyber security solution/initiative implementation.

Deliverables or outcomes under this category can include the development, configuration and implementation of applications, software, websites, programs, system manuals and reports.

Category 3 - ICT Operations and Management Services

Show more

This category caters for ongoing operation, support, maintenance and/or management of an ICT solution.

The ICT solution may be infrastructure, platform or application based and deployed as on-premise or outsourced based model solutions.

Services include but are not limited to:

  • Installation and configuration of support applications and services.
  • Ongoing system and environment testing.
  • ICT environment management, optimisation, monitoring and analysis.
  • Data protection and systems recovery management.
  • Digital workplace service management.
  • Database and data management services.
  • Maintenance agreement initiation and administration.
  • Security incident monitoring and response.
  • Ongoing security compliance reviews including vulnerability testing.
  • Business intelligence, monitoring and predictive analytics.

Deliverables or outcomes under this category would be for ongoing maintenance of the relevant ICT environment.

Out of scope activity

Show more

Purchasing of the following is out of scope of CUAICTS2021:

  • ICT hardware, including but not limited to computing, storage and network infrastructure, audio/visual hardware and telecommunications infrastructure and ongoing or extension of the purchased hardware’s maintenance.
  • Proprietary software products inclusive of on premise and Software as a Service (SaaS), and ongoing or extension of proprietary software maintenance.
  • Private, hybrid or public cloud services including Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and SaaS. 
  • Licensed and/or Licences for subscription based services.

Refer to the How do I buy section for additional guidance on purchases that include Product related services or services available on other CUA’s such as:

  • ICT Services or GovNext-ICT?
  • ICT Services or Temporary Personnel Services?

Buying rules

Show more
Monetary threshold (inclusive of GST) Minimum buying rules for ICT Services CUAICTS2021
Up to $50,000

Use of CUAICTS2021 is discretionary.

State agencies may determine the most appropriate procurement method (e.g. direct sourcing, or verbal or written quotations) based the nature of the market, risk, complexity and in accordance with the minimum requirements of the Western Australian Procurement Rules
State agencies may request a quotation from a minimum of one qualified contractor.

$50,001 to $250,000 Request a minimum of two (2) quotes from CUA contractors meeting the minimum insurance cover for the Customer’s assessed Risk Level. 
$250,001 up to $10,000,000 Request a minimum of three (3) quotes from CUA contractors meeting the minimum insurance cover for the Customer’s assessed Risk Level.
$10,000,001 and above Open tender

Buyers must publish all contract award details on Tenders WA where the contract is valued $50,000 or more.

Other policy requirements

Show more

State agencies should be aware of the following requirements under Western Australian Procurement Rules.

Procurement Planning

Requirement WA Procurement Rules
Buyers must prepare a procurement plan and submit it to the State Tenders Review Committee. Yes, for all purchases at and above $5,000,000 (WA Procurement Rule C3(1)), unless the State agency is not required to do so under WA Procurement Rule C3(3).
Buyers must involve the Department of Finance. Yes, where the total estimated value of the proposed procurement is $250,000 or above.
Buyers must obtain approval from an authorised officer of the Department of Finance to purchase through an alternative arrangement to this CUA.

Yes, for all values and delivery locations where the purchase of goods and / or services under the CUA are mandatory (WA Procurement Rule C2.2).

Please note that State agencies are not required to request advice or approval from the Department of Finance, regardless of value, to purchase from an ADE or an Aboriginal Business (WA Procurement Rule C2.2).

Request Development and Contract Formation

Requirement WA Procurement Rules
Buyers must prepare an evaluation report.

An evaluation report must be developed for all Procurements valued $50,000 and above (WA Procurement Rule D7(1)).

The detail of an evaluation report must be commensurate with the value, risk and complexity of the Procurement (WA Procurement Rule D7(2)).

Buyers must submit an evaluation report to the State Tender Review Committee. Yes, for all purchases at and above $5,000,000 (WA Procurement Rule D7(3)), unless the State agency has not been required to submit an evaluation report under WA Procurement Rule D7(4).
Buyers must publish details of their purchase on Tenders WA. Yes, for all purchases above $50,000 (WA Procurement Rule D8.1).
Buyers must record the purchase on the agency’s contract register, as instructed within the buying agency’s financial management manual. Yes, for all purchases above $50,000 (WA Procurement Rule F5), unless alternative arrangements have been approved under WA Procurement Rule F5(6).

Contract Management

Requirement WA Procurement Rules
Buyers must prepare a contract management plan. Contract management or project management plans must be developed for all Procurements with a Total Estimated Value of $5 million and above (WA Procurement Rule E1(1)), unless exempted under WA Procurement Rule E1(2).
Buyers must publish details of contract variations on Tenders WA. State agencies must publish variations on Tenders WA in accordance with WA Procurement Rule E3.1.
Buyers must seek advice from the Department of Finance on variations. State agencies must seek written advice from the Department of Finance if the Variation(s) individually or cumulatively:
  1. are valued at $250,000 or above; or
  2. propose to extend the contract by 6 or more months past its final expiry date.
(WA Procurement Rule E2).

Exemption from using this CUA

Finance is responsible for processing and approving all requests from State agencies seeking exemption from using a mandatory CUA. Requests for an exemption are considered on a case-by-case basis, and a requesting agency must be able to demonstrate that a business need cannot be adequately met by the relevant CUA.

Exemption requests should be directed to the Assistant Director Procurement Frameworks through an email to the contract manager in the first instance. Requests for exemption may be received by posted letter or email, but must be in writing and provide sufficient explanation and background to enable the request to be considered. The requesting officer should be the Accountable Authority or delegate of the agency.

For guidelines on what to include in an exemption request, please refer to the Purchase from a CUA or my Agency’s Panel Arrangements Guideline 

Insurance and Risk Levels

Show more

For each contract, customers should assess the applicable risk level. Quotes may only be sought from contractors with the minimum insurance cover as specified in the table below.

Risk Level Key Risk Minimum Insurance Cover Examples
Low Risk Contracts Errors and omissions in the advice provided which is covered by Professional Indemnity insurance.

Professional Indemnity $1m 

Public Liability $10m

Workers’ Compensation

The majority of activities under Category 1 - ICT planning, consultancy and advisory services but not limited to this category such as providing research on cloud service provider options or perform an audit of the ICT system.
Risk Contracts
Errors and omissions in the advice provided which is covered by Professional Indemnity insurance.

Professional Indemnity $5m

Public Liability $10m

Workers’ Compensation

The majority of activities under Category 2 - ICT implementation services but not limited to this category such as perform an upgrade to a customer’s in-house system.
High Risk Contracts Mainly Cyber and liability risk exposures e.g. network intrusion, loss of records, business interruption, and network mismanagement.

Professional Indemnity $5m

Public Liability $20m

Workers’ Compensation

The majority of activities under Category 3 - ICT Operations and Management Services but not limited to this category such as ongoing management or a cloud-based ERP solution.

Based on the scope of the Customer Contract and the assessed risks, Customers may require and request the following optional insurances in their Order Forms:

  • Cyber (Technology) Liability 
  • Motor Vehicle Third Party
  • Compulsory Third Party

Cyber (Technology) Insurance Guide

Cyber (Technology) Insurance is an optional insurance under CUAICTS2021 that agencies may require  a contractor to hold. It is designed to protect organisations against the costs/claims incurred as a result of a cyber-attack and an organisation's liability arising from cyber incidents such as a data breach in which personal information the organisation is responsible for is exposed or stolen.

Typical costs incurred include:

  • Business interruption expenses (Loss of income and operational expenses due to network interruption)
  • Response & data restoration costs
  • Legal fines & penalties
  • Legal Expenses
  • Extortion/Ransom costs
  • Third Party Liability

State agencies’ Cyber Risk cover

Responsibility for identifying and managing cyber risks, including funding the costs associated with cyber-attacks, rests primarily with agencies. The Insurance Commission of Western Australia (ICWA) provides Cyber Risk cover to State agencies insured in the RiskCover Fund and can be consulted on this matter.

Cyber (Technology) Insurance when procuring ICT Services   

Buyers procuring ICT services need to determine if contractors should be required to hold cyber insurance. It is highly recommended that expertise in cyber risk be obtained to identify, through a risk assessment, to what extent a contractor may have responsibility for cyber risks and to identify an appropriate level of insurance required of a contractor.  
For further guidance with regard to coverage please contact ICWA.

Things to consider when requesting Cyber (Technology) Insurance

Contractors may have cyber insurance coverage included in their professional indemnity insurance policies. Therefore seeking separate cyber insurance policies may not be necessary.

Cyber Insurance policies can be very expensive, and limitations may be placed on claims. Unnecessary or excessive level of cover may affect the competitiveness of quotes in ways such as:

  • Reducing the number of potential offers (particularly SMEs)
  • Increasing prices through insurance costs being passed on to the customer; or
  • Increasing procurement timeframes due to departures to insurance conditions having to be negotiated.

Before you request Cyber insurance consider the following;

  • The scope of the services required under the contract, as not all ICT contracts will require cyber insurance. 
  • Undertake a risk assessment to adequately assess the level of residual exposure to cyber liability risks. A risk assessment will help in assessing:
    • the financial impacts arising from the procured services:
    • level of insurance and liability capping; and
    • if specific cyber insurance is required for the service.
  • Assess the potential commercial impact that any cyber insurance requirements may have on the resulting contract.
  • Prior to releasing the Request for Quote to market, consult with potential respondents to identify what levels of insurance they currently have in place.
  • Cyber insurance pays for losses/claims and should not be considered as the final risk mitigation control, nor the primary control for cyber risk. Effective ICT governance and security controls are the most effective risk mitigation strategies. 

Assistance from the Office of Digital Government

The Office of Digital Government’s Cyber Security Unit can assist you with providing advice on cyber risk management.
They host a range of information online that can assist you with the decision process.

Intellectual Property

Show more

Under the CUAICTS2021 Head Agreement the Contractor is the owner of the Intellectual Property Rights in New Material for the purposes of clause 23.2 of the General Conditions unless otherwise specified by the Customer in the Quote Form.

This grants the Customer an irrevocable, perpetual, royalty-free, nonexclusive license to exercise any or all of the rights of an owner of Intellectual Property Rights in the New Material during the remainder of the duration of the Intellectual Property Rights in that New Material. 

Refer to Applicable GCOC to view the Intellectual Property Rights clause in full.

Who supplies what?

Show more

Which contractors supply what products/services?

To access the list of all contractors and assist with the selection of CUAICTS2021 contractors please refer to the Contractor Catalogue.

How do I buy?

Show more

Step by step buying process

The steps below outline the process and recommended documents to establish a Customer Contract:

  1. Identify the scope and requirements.
  2. Obtain the necessary approvals to commence the procurement process;
    • For Customer Contracts with an estimated value over $250,000, contact the Department of Finance Procurement Representative.
    • For Customer Contracts over $5M, contact the Office of Digital Government prior to submitting the Procurement Plan to STRC.
  3. Select the contractor/s that meet your requirements by browsing the Contractor Catalogue.
  4. Completes and forwards Part A:
    • Quote Form to seek quotes and obtain pricing from selected contractor(s) as per CUAICTS2021 Buying Rules.
  5. Contractor(s) completes, signs and returns Part B:  
    • Contractor Offer to the Customer by the specified date for consideration.
  6. Evaluate Contractor’s Offers to determine the best value for money.
  7. Document your decision making through Evaluation Form.
  8. Contact and negotiate with selected contractor (if applicable).
  9. Customer completes and forwards Part C:
    • Acceptance of Offer to successful contractor to confirm order.
  10. Customer notifies unsuccessful contractors and may provide a debrief on request.
  11. If contract is over $50,000 then publish contract award details on Tenders WA.
  12. Contractor delivers services.


Buyers will determine pricing directly with Contractors via the quotation process.

Payment by Purchasing Card

The government Purchasing Card offers a quick and convenient method of payment allowing many goods and services to be efficiently purchased. 
Always remember to inform the contractor that you will be paying by government Purchasing Card, at the time of ordering the product or service, and ensure they clearly understand that they must send the tax invoice directly to you, the cardholder.

Time Based ICT Roles 

A Time Based Customer Contract will apply where a deliverable or outcome is obtained via a supported ICT role using a maximum daily/hourly rate. 
Contractors have stipulated the ICT roles they can offer and can be accessed from the Contractor Catalogue

Outcome as a Service (OaaS)

Outcome as a Service (OaaS) refers to situations where contractors, for a fee, are responsible for providing end to end solutions. In this Request, this may cover the services within both category 2 and 3.  Some category 1 services may also be included within an OaaS offering.

All elements of the OaaS solution will be the responsibility of the contractor including all products and services required to deliver the OaaS.  

The contractor offering must not involve customers committing to:

  • Owning any proprietary Products during or at the end of the contract (e.g. owning hardware).
  • Signing any proprietary Product and Service licence agreements before, during or at the end of the contract (e.g. hardware maintenance agreements, software licence agreements, public cloud service agreements). This is a point of difference with the more commonly purchased cloud hosting and software as a service solutions.
  • Any residual components after the contract ends (e.g. a vendor committing to leasing equipment to provide a hosting environment and a cloud service).

Providing it does not conflict with the conditions above, contractor’s may:

  • Leverage ICT hardware, cloud services and/or software products to deliver an OaaS.
  • Allow customers to enter into service user agreements that underpin the use of software.

CUAICTS2021 does not include direct purchasing of software licenses, equipment, private, public or hybrid cloud hosting. Customers wanting these products and services will use other CUAs where they exist or source via the procurement methods set out in the Western Australian Procurement Rules.

Products or mixed products and services

Where a State agency is purchasing both products and associated services in the same procurement, they should be purchased in accordance with the procurement methods set out in the Western Australian Procurement Rules

Alternatively, if applicable, under these relevant CUAs: 

  • Computing and Mobile Devices CUACMD2014
  • Microsoft Licenses - Whole of Government CUA150910 
  • Oracle Products CUA0149312
  • Amazon Web Services CUAAWS2020

The following table provides guidelines for purchasing ICT products and services.

What do I need? ICTS2021
Maintenance and support services included in the purchase/agreement/license of the proprietary products. No
Maintenance and support services not included in the purchase/agreement/license of the proprietary products. Yes
Maintenance and support services for a software solution developed and owned solely by the agency. Yes

The Western Australian Procurement Rules or relevant CUAs should be used to procure licences and/or maintenance and support for proprietary software (i.e. as part of a proprietary software agreement).

ICT Services or GovNext-ICT?

The following table may be used as a guide to select between CUAICTS2021 - ICT Services and GovNext-ICT CUAGNICT2015. Where a service is listed as falling under both the ICT Services CUA and GovNext, agencies can choose to procure from either CUA (noting that the GovNext Service Catalogues are live documents for dynamic services and will change from time to time). 

Requirement ICT Services GovNext
I need to procure network infrastructure No Yes
I need to test / maintain my existing, self-managed network Yes No
I need to procure a firewall management service No Yes
I require assistance managing my existing, self-managed server infrastructure Yes Yes
I need to procure additional storage No Yes
I require support for my existing backup solution Yes Yes
I require a new backup-as-a-service solution No Yes
I require support managing my server operating systems, including licensing, asset management, installation and configuration management Yes Yes
I require support managing my desktop operating systems, including licensing, asset management, installation and configuration management Yes No
I require ICT project or advisory services Yes Yes
I require support developing my in-house application Yes No

ICT Services or Temporary Personnel Services?

The following table compares the features of CUAICTS2021 - ICT Services and CUATPS2019 – Temporary Personnel Service and may be used as a guide to select the most appropriate CUA:

ICT Service Temporary Personnel Services
The CUA is for Customers that require Outcome and Time Based ICT services. 
The CUA categories are: 
1.    ICT Planning, Consultancy and Advisory Services
2.    ICT Implementation Services 
3.    ICT Operations and Management Services
The CUA is for Customers that need an appropriately skilled temporary resource. This resource will be managed by the Customer and is not necessarily required to deliver a completed outcome. 
The CUA categories are: 
a).    Clerical and Administrative 
b).    Technical & Trades 
c).    Professional 
d).    Information & Communication Technology 
Contractors are expected to provide professional support to the individual allocated to the ICT role to enable them to deliver service outcomes for the customer. Contractors are not expected to provide professional support to the temporary personnel.
The responsibility for performance of the individual allocated to the ICT role resides with the Contractor. The responsibility for performance and outcomes of the personnel resides with the agency.
If the individual allocated to the ICT role ceases to be available during the term of the Customer Contract, the contractor will be required to offer a replacement with similar skillsets to complete the service delivery. Contractors are not obligated to offer replacement personnel.

For further information on the approved procedures for authorities subject to the Public Sector Management Act 1994 (PSMA) when establishing a contract for service, please see Public Sector Commission’s Approved Procedure 5 (AP5)

After I buy

Show more
  • Manage your contract term – keep an eye on Customer Contract expiry dates.
  • If you extend a Customer Contract, make sure that you obtain and keep a record of any internal approvals required by your agency.
  • Test the market on a regular basis to see what the other contractors on the CUA are offering.
  • Check invoices for accuracy before authorising payment.
  • Monitor contractor performance and deliverables.
  • Document any issues as they arise even if they are resolved. This will assist in ongoing supplier performance management.
  • If you encounter an issue and you are unable to resolve it directly with the contractor, please contact the contract manager.
Page reviewed 27 October 2021