Queensland Government Enterprise Architecture

Procurement and disposal of ICT products and services (IS13)Implementation guideline

Final

June 2017

v1.0.7

PUBLIC

QGEA PUBLIC IS13 Implementation guideline

Document detailsSecurity classification PUBLIC

Date of review of security classification August 2017

Authority Queensland Government Chief Information Officer

Author Queensland Government Chief Information Office/ICT Strategic Sourcing

Documentation status Working draft Consultation release Final version

Contact for enquiries and proposed changesAll enquiries regarding this document should be directed in the first instance to:

Queensland Government Chief Information Officeqgcio@qgcio.qld.gov.au

AcknowledgementsThis version of the Procurement and disposal of ICT products and services (IS13) implementation guideline was developed and updated by Queensland Government Chief Information Office and ICT Strategic Sourcing (Department of Science, Information Technology and Innovation).

Feedback was also received from a number of departments, which was greatly appreciated.

CopyrightProcurement and disposal of ICT products and services (IS13) implementation guideline

Copyright © The State of Queensland (Department of Science, Information Technology and Innovation) 2017

Licence

This work is licensed under a Creative Commons Attribution 4.0 International licence. To view the terms of this licence, visit the Creative Commons website. For permissions beyond the scope of this licence, contact qgcio@qgcio.qld.gov.au.

To attribute this material, cite the Queensland Government Chief Information Office.

Information securityThis document has been security classified using the Queensland Government Information Security Classification Framework (QGISCF) as PUBLIC and will be managed according to the requirements of the QGISCF.

Final | v1.0.7 | August 2017 Page 2 of 16PUBLIC

QGEA PUBLIC IS13 Implementation guideline

Contents1 Introduction.............................................................................................................................

1.1 Purpose...........................................................................................................................

1.2 Audience..........................................................................................................................

1.3 Scope...............................................................................................................................

1.4 QGEA domains................................................................................................................

2 Background.............................................................................................................................

3 Conduct forward procurement planning..............................................................................

3.1 Departmental planning....................................................................................................

3.2 Legislative and policy framework.....................................................................................

3.3 Alignment of planning......................................................................................................

3.4 Succession planning........................................................................................................

3.5 Economic, environmental and social procurement objectives.........................................

3.6 Potential future procurements.........................................................................................

3.7 Significant procurement planning....................................................................................

3.8 Investment review............................................................................................................

4 Conduct effective procurement process..............................................................................

4.1 ICT program and project assurance framework..............................................................

4.2 Procedures......................................................................................................................

4.3 Staff training...................................................................................................................

4.4 Queensland Government QTenders..............................................................................

4.5 Queensland Contracts Directory...................................................................................

4.6 Category management..................................................................................................

4.7 Queensland Government Enterprise Architecture (QGEA) policy.................................

5 ICT industry development....................................................................................................

5.1 ICT SME participation scheme policy............................................................................

5.2 Early market engagement.............................................................................................

5.3 Principles of engagement..............................................................................................

5.4 Market sounding............................................................................................................

5.5 Devolution of procurement decisions............................................................................

6 ICT product lifecycle and services management..............................................................

6.1 ICT resource lifecycle....................................................................................................

6.2 Protection of resources..................................................................................................

Final | v1.0.7 | August 2017 Page 3 of 16PUBLIC

QGEA PUBLIC IS13 Implementation guideline

6.3 Maintenance contracts..................................................................................................

6.4 Warranty........................................................................................................................

6.5 Service agreements.......................................................................................................

6.6 Management and removal of information......................................................................

6.7 Delegation......................................................................................................................

6.8 Supervision and authorisation.......................................................................................

6.9 Strategies for disposal...................................................................................................

6.10 Legislative and regulatory obligations...........................................................................

Final | v1.0.7 | August 2017 Page 4 of 16PUBLIC

QGEA PUBLIC IS13 Implementation guideline

1 Introduction

1.1 PurposeThis guideline provides information and advice for Queensland Government departments to consider when implementing the policy requirements of the Procurement and disposal of ICT products and services (IS13) policy. These guidelines do not form the mandatory component of the policy and are for information only. While some information communicates other mandatory obligations which may be relevant in the context of the policy (e.g. legislation), departments are strongly recommended to further investigate these obligations in light of their own business requirements, and seek legal/expert advice where necessary.

1.2 Audience This document is primarily intended for departmental staff working in the areas of procurement, general ICT and project management.

The policy applies to all Queensland Government departments and other Queensland Government entities which are in scope for applicability of the Queensland Government Enterprise Architecture (QGEA).

1.3 ScopeThis implementation guide supports the Procurement and disposal of ICT products and services policy (IS13).

1.4 QGEA domainsThis guideline relates to the following QGEA domains:

Classification framework Domain

Business Services SL-2.1.7 – Strategic planning

SL-2.5.1 – Information Communication Technology

Business Process BP-9.1.3 – Plan and forecast information technologies

BP-11.7.2 – Manage agency contractual issues

BP-11.4.1 – Manage industry relationships

BP-10.6 – Manage physical resources

2 BackgroundDepartments are increasingly dependent on ICT for many aspects of service delivery. This reliance on ICT is reflected in the magnitude of government expenditure on ICT products and services and their procurement.

Final | v1.0.7 | August 2017 Page 5 of 16PUBLIC

QGEA PUBLIC IS13 Implementation guideline

The Government also recognises the need for a strong and vibrant ICT industry within Queensland and acknowledges the impact that ICT may have on the environment at the end of its effective lifecycle.

With this in mind, departmental ICT resources must be: procured as part of a planned strategy and managed environment managed in an effective, sustainable manner that maximises value for money and

mitigates risk aligned with the Queensland Commission of Audit recommendations (2012) and the

outcomes of the Queensland Government ICT Strategy 2013-17 and associated Action Plan which advocates strategically sourcing ICT as-a-service as the primary option while divesting existing assets.

sourced, especially commoditised services, from private providers in a competitive market where this is feasible and represents value for money

aligned with the Office of the Chief Advisor – Procurement (OCA-P), Department of Housing and Public Work’s (DHPW) Category Management Framework

sourced from the local ICT industry whenever possible without prejudicing product quality and competitiveness, while meeting the department’s requirements under Australia’s free trade agreements

recycled or disposed of in an accountable, cost effective and environmentally friendly manner.

3 Conduct forward procurement planning

3.1 Departmental planningTo ensure the effectiveness of the ICT resource planning process, each department should ensure the following: the departmental ICT resources strategic plan must comply with all legislative, policy,

human resource administrative and regulatory obligations as outlined in the ICT resources strategic planning (IS2) policy

when developing the departmental strategic procurement plan, departments will use their best endeavours to do business with ethical and socially responsible suppliers, and will seek to influence the supply chain in this regard for its ICT resources. This may include considering the sustainability credentials of suppliers, to ensure they are ethically and socially responsible.

Clause 20 of the Queensland Procurement Policy (QPP) provides that Queensland Government procurement planning will be integrated at all levels, consisting of the State Procurement Plan, State Category Plans, Department Procurement Plans and Significant Procurement Plans to drive accountability and delivery of best procurement outcomes

strategic planning lead times should be sufficient to ensure that:– the ICT industry is given forward notice of the department’s significant ICT

resource requirements– significant procurement plans can be prepared for all high value or high risk ICT

resource requirements before the procurement process– ICT investment reviews are undertaken for any ICT procurement activity that falls

within the review scope

Final | v1.0.7 | August 2017 Page 6 of 16PUBLIC

QGEA PUBLIC IS13 Implementation guideline

3.2 Legislative and policy frameworkQueensland Government departments are required to undertake ICT strategic planning as set out in the mandatory requirements of the ICT resources strategic planning (IS2) policy.

Additionally, clause 22 of the QPP requires departmental procurement planning, at both the departmental level and for the individual significant procurements, to take account of the QPP and relevant State Category Plans. Where appropriate departments should prepare significant procurement plans for any goods, services and capital projects that it identifies as being high expenditure or for which there is a high degree of business risk.

3.3 Alignment of planningWell-aligned strategic procurement planning processes ensure that, with the exception of emergent needs, all high value or high risk ICT procurement activities are identified, planned and implemented using the most effective procurement approach. Additional information on the nature of high value, high risk procurement is available from OCA–P.

For further information on planning, refer to the ICT resources strategic planning (IS2) policy .

3.4 Succession planningAs part of the strategic planning process, departments should consider human resource issues relating to succession planning. Refer to the ICT resources strategic planning (IS2) policy with regard to the ICT planning process generally.

3.5 Economic, environmental and social procurement objectivesUnder Principle 4 of the QPP, departments are required to use procurement to advance the government’s economic, environmental and social objectives and support the long-term wellbeing of our community; specifically we:

do business with ethical and socially responsible suppliers.

consider government’s objectives from a whole-of-government and category perspective, prioritising these for application in our procurement decision making.

Additional information is available from the QPP implementation documents and DHPW’s sustainable procurement guides .

3.6 Potential future procurementsUnder clause 3 of the QPP , agencies are required to use the QTenders website to publish notices of potential future procurements, where the department has determined this will be of benefit to either the department or supply market. These measures help industry to better plan for future tender opportunities and have the right staff available to participate in the tender when the opportunity arises.

3.7 Significant procurement planningUnder clause 24 of the QPP, departments are encouraged to prepare significant procurement plans for goods and services that the department has identified as being high expenditure and/or having a high degree of business risk (these plans combine supply market analysis and a department’s demand requirements to inform the best approach to procuring the relevant goods or services).

Final | v1.0.7 | August 2017 Page 7 of 16PUBLIC

QGEA PUBLIC IS13 Implementation guideline

Supply market analysis enables the department to get to know and understand how the market works, the direction in which it is heading, the key suppliers and the value they place on the department as a customer.

Further details of ICT procurement, planning, risk management and market analysis can be found in the Procurement guidelines which include: Better practice guide for early engagement with the ICT Industry Procurement guidance: supply market analysis .

3.8 Investment reviewThe Queensland Government ICT Investment Review process supplements department ICT governance arrangements with independent reviews at set points within the initiative lifecycle. ICT Investment Review replaced the Peer Review process and: streamlines and integrates governance arrangements reviews and aligns ICT investments to support government strategic direction ensures appropriate assurance is being applied reduces the causes of project failure and delivers improved ICT outcomes through the

application of independent gated reviews and segmented funding.

ICT Investment Review ensures appropriate assurance is being applied and strategic and policy alignment occurs. Additionally the process supports increased visibility of the initiative outcomes, input requirements and potential multi-department synergies.

Departments are required to perform an assessment of initiatives against a set of pre-defined criteria. The extent of the additional governance required by the Investment Review will be determined based upon the identified levels of business criticality and risk.

Further details on the ICT Investment Review can be found on the QGCIO portal site (Queensland Government employees only, alternatively email ICTinvestmentreview@qgcio.qld.gov.au for information on the investment review process and the associated forms required for submission.

4 Conduct effective procurement processAt a minimum, departments should ensure the following: end user, ICT professional and procurement professional expertise must be accessed

during the planning and implementation phases of the procurement process for all high value or high business risk goods and services

procurement professionals involved in ICT procurement must be trained in the use of the Queensland Information Technology Contracting (QITC) framework to a level commensurate with the value and business risk of the procurement activity

non-procurement professional staff involved in ICT procurement must have received fundamental training in procurement policy and procedures commensurate with the value and business risk of the procurement activity

a value risk approach to the procurement of ICT products and services is adopted using the contract type decision tool in addition to other tools, such as the procurement Value Risk Assessment tool for category, sourcing and contract management activities.

Additional information is available at www.qld.gov.au/supplyICT

Final | v1.0.7 | August 2017 Page 8 of 16PUBLIC

QGEA PUBLIC IS13 Implementation guideline

4.1 ICT program and project assurance frameworkThe Queensland Government endorsed the ICT program and project assurance policy and framework in February 2014 as the new minimum standards for project initiation, evaluation, procurement and assurance across the Queensland public sector. Departments should ensure that the project management approaches identified in the ICT program and project assurance policy underpin the procurement processes.

4.2 ProceduresDepartment procurement procedures are department specific procedures, which set out how procurement activities are to be conducted in compliance with the QPP and other legislation, policy and agreements, including but not limited to: Australia–Chile Free Trade Agreement ( http://www.dfat.gov.au/fta/aclfta/ ) Australia–United States Free Trade Agreement ( http://www.dfat.gov.au/fta/ausfta/ ) Japan–Australia Economic Partnership Agreement ( http://www.dfat.gov.au/fta/jaepa/ ) Korea–Australia Free Trade Agreement ( http://www.dfat.gov.au/fta/kafta/ ) Australian and New Zealand Government Procurement Agreement

( http://www.apcc.gov.au/SitePages/Procurement.aspx ) China-Australia Free Trade Agreement

(http://dfat.gov.au/trade/agreements/chafta/Pages/australia-china-fta.aspx National Competition Policy and related legislation and agreements including the

Competition and Consumer Act 2010. ICT procurement must comply with the requirements of the ICT SME participation

scheme policy and standard. due regard must be given to relevant Information Standards, as outlined in clause 4.8,

during the specification development and implementation phase of the ICT procurement process for products and services.

Further detailed information concerning ICT procurement processes can be found at ICT procurement.

The Queensland Government has established the Queensland Information Technology Contracting (QITC) framework as the cornerstone of government procurement for ICT products and services.

For further detailed information concerning procurement best practice process, tools and templates, refer to the Queensland Government Procurement website.

Departments are reminded that: The QITC framework is the basis for all contracts established for the procurement of

ICT products and/or services. They must use the DHPW General Contract Conditions template for the engagement of

ICT contingent labour services, i.e. contractors, as this has been adopted in alignment with other contingent labour categories. Therefore, QITC should not be used for this type of procurement.

Suppliers of ICT products and services are required to hold industry accreditation and nominate their willingness to contract under the standard general and/or comprehensive contract types under the QITC framework. Departments are able to identify accredited suppliers and their nomination to use the standard general and/or comprehensive contract types using the industry accreditation portal.

Final | v1.0.7 | August 2017 Page 9 of 16PUBLIC

QGEA PUBLIC IS13 Implementation guideline

ICT procurement procedures and processes must be consistent with, and reference QITC and must be readily available to all staff involved in the procurement and/or purchase of ICT products and services.

The QITC framework is managed by ICT Strategic Sourcing within DSITI and further information is available on the QITC website.

4.3 Staff trainingTo be effective, procurement professionals involved in the procurement of ICT products and services should be trained in the use of the QITC framework to ensure that it is appropriately deployed by departments at all stages of the procurement activity, not just during contract formation.

Departments should also ensure that any non-procurement professional staff involved in the procurement process or purchase are familiar with their departmental procurement procedures. This is to ensure that operational staff comply with and defer to best practice procurement.

Departments should ensure that a level of procurement skill is maintained that is commensurate with the size and complexity of their ICT profile. DHPW’s Skills2Procure training program provides agencies with access to both formal courses through the traditional Procurement Certification Program, and practical learning and development opportunities delivered through a new Critical Skills Boost Program for procurement.

Further information can also be sourced through the Procurement guidelines issued by DHPW.

4.4 Queensland Government QTendersTo streamline the procurement of ICT products and services by reducing the time and costs involved, a range of facilities for electronic procurement have been developed to support departmental procurement.

The Queensland Government QTenders website includes a web-based electronic tender system that allows departments to publish forward notices of upcoming tender opportunities, release invitations to offer and to receive tender responses from prospective suppliers.

4.5 Queensland Contracts DirectoryDHPW manages the Queensland Contracts Directory.

Departments should review the Queensland Contracts Directory (Queensland Government employees only) to ensure that, wherever possible, they use appropriate aggregated supply arrangements across departments or at the whole-of-government level.

The QPP requires agencies to publish basic details for awarded contracts over $10,000 and additional contract details for contracts awarded of $10 million and over, in accordance with the Contract Disclosure Guidelines issued by the Director-General, DHPW. Procurement method is only required to be disclosed for contracts of $500,000 and over. While all DHPW’s resources and templates default to ‘inclusive’ and ‘exclusive’ of GST pricing, departments may wish to determine a specific position on this GST issue on a case-by-case basis.

Final | v1.0.7 | August 2017 Page 10 of 16PUBLIC

QGEA PUBLIC IS13 Implementation guideline

Clause 4 of the QPP requires all agencies to ensure the Queensland Contracts Directory is maintained and up to date, departments should complete details of contracts and arrangements as required by the site. This will allow departments to: have a reference tool that can be used to consider opportunities for cost reduction aggregate expenditure by establishing and using lead department or whole-of-

government arrangements avoid unnecessary tendering activities by using existing arrangements and contracts use the learnings gained through the establishment and management of existing

supply arrangements when developing new contracts or arrangements for similar goods and services

all Queensland Government employees have access to the full version of the Queensland Contracts Directory, the public has restricted access to the Queensland Contracts Directory.

4.6 Category management Clause 4.2 of the QPP encourages the consideration of government objectives from a whole-of-government and category perspective.

This has been strengthened by OCA–P’s establishment of a Category Management Framework based on six mega-categories of government expenditure, one of which is ICT.

Category management involves understanding expenditure in a specific buying category with the intent of ensuring: business needs are optimised (holistically) markets are analysed and understood the risk in the procurement are identified and mitigated identification of how to best leverage value for money and commercial outcomes suppliers are actively managed to deliver ongoing value for money outcomes.

Within the ICT mega category there are 4 key categories of expenditure: ICT services telecommunications software hardware

These categories can be further broken down into sub categories and it is at this level that departments who have notable expertise and a significant procurement capability in a specific sub category will be encouraged to be the sub category lead for whole of government. An example would be the Department of Education, Training and Employment being the Hardware sub category lead for personal computers.

For more information on the Category Management Framework, contact betterprocurement@hpw.qld.gov.au

4.7 Queensland Government Enterprise Architecture (QGEA) policyThese standards cover a range of subjects relevant to the development of tender specifications through to the development and implementation of ICT systems and databases. Current QGEA policy and information standards can be viewed on the QGCIO website.

Relevant policies and information standards include:

Final | v1.0.7 | August 2017 Page 11 of 16PUBLIC

QGEA PUBLIC IS13 Implementation guideline

ICT SME participation scheme policy and standard ICT resources strategic planning (IS2) policy Information Security (IS18) Retention and Disposal of Public Records (IS31) Recordkeeping (IS40) Information Asset Custodianship (IS44) ICT program and project assurance policy and framework Cloud computing strategy and implementation model ICT as-a-service policy Procurement related information privacy issues should reflect the requirements of the

Information Privacy Act 2009.

5 ICT industry developmentDepartments should consider the following when planning or conducting ICT procurement activities: existing procurement obligations with regard to other legislation, policy and agreements

at a national and international level are met, refer to clause 4.2. forward procurement notice is given to industry through placement of notices on the

Queensland Government QTenders website and via Partners in Technology briefings as coordinated by DSITI

ICT procurement is consistent with and meets the requirements of the ICT SME participation scheme policy and standard

the QGCIO ICT Investment Review process (Queensland Government Employees only) to provide briefings on departmental ICT issues and initiatives requiring consideration by DG Council or the Cabinet Budget Review Committee (CBRC)

departmental procedures include content informing staff involved in the purchase of ICT resources of the advantages of: – early market engagement– consultation with mega category/category managers within ICT Strategic Sourcing

within DSITI.

5.1 ICT SME participation scheme policyThis policy ensures that departments adopt a consistent procurement process to ensure effective engagement with the ICT industry and specifically with small to medium sized enterprises (SMEs).

SMEs contribute significantly to the Queensland economy, and the Queensland Government is committed the assisting SMEs to access and win government business for the supply of ICT products and services.

Additional information on specific aspects of the scheme, are outlined in the ICT SME participation scheme policy and associated standard .

5.2 Early market engagementThe Industry Engagement team within DSITI’s ICT Strategic Sourcing was established to develop better relationships between departments and the ICT industry and to provide support and advice to departments undertaking significant ICT resource initiatives. Additional information is available at the DSITI website.

Final | v1.0.7 | August 2017 Page 12 of 16PUBLIC

QGEA PUBLIC IS13 Implementation guideline

Early market engagement is a strategic and collaborative approach for Queensland government departments to gather valuable intelligence in relation to the high level aims of large scale and high investment programs. The Queensland Government can benefit from suppliers’ knowledge of markets and trends and understand the capability and capacity of suppliers before developing their procurement strategy and requirements.

From the Queensland Government’s perspective, early engagement with ICT suppliers is an important step in the program process. Early engagement, within the bounds of probity, ensures that the buyer makes a fully informed decision so that the right supplier is chosen to provide the right service while maximising buying power and minimising risk. Departments should consider the value of the engagement relative to the availability of resources to conduct the engagement process.

DSITI’s ICT Strategic Sourcing unit has prepared the Better Practice Guide for Early Market Engagement with the ICT industry

5.3 Principles of engagementDepartments should be aware that the Australian Government has developed the Government and Industry Principles of Engagement on ICT which outlines expected standards and behaviours. The Queensland Government supports the principles and is helping to promote them in the state.

5.4 Market soundingThe market sounding approach develops market awareness to the stage where specific potential providers are ‘sounded out’ to determine their views of potential solutions. Departments may face the need for market sounding at a program level to assess the reaction of the market to a proposed requirement and procurement approach. It is important not to enter into any agreements with suppliers at either the early market engagement or the market sounding phases. Staff must be aware of any implied meaning in verbal statements made by them or offered by suppliers.

Additional information is also available in the revised procurement guidelines on Supply market analysis, which are available on the Housing and Public Works website .

5.5 Devolution of procurement decisionsUnder the QPP, low value and low business risk procurement should be delegated to a level closest to the geographical location where the product or service is to be supplied (except where limited by whole-of-government requirements and/or common-use supply arrangements established under the QPP).

When a department with regional offices is establishing an arrangement for the supply and support of ICT equipment, it must require the preferred supplier/s to channel products and services through companies based in the region which are capable of meeting the requirement with economy and efficiency.

6 ICT product lifecycle and services managementWhen disposing of ICT products and services, departments should consider the following: maintenance contracts, warranties, service level arrangements and disposal processes

must be consistent with departmental and whole-of-government ICT procurement policies, strategies and directions and meet specific departmental requirements

Final | v1.0.7 | August 2017 Page 13 of 16PUBLIC

QGEA PUBLIC IS13 Implementation guideline

disposal cannot be conducted without approval from the accountable officer or delegated personnel

disposal must be supervised and certified upon completion by a person delegated by the accountable officer

Information Security (IS18) requirements must be met before disposing of the asset (or before trade-in) and, based on the sensitivity of data, an appropriate method must be used to remove data from the ICT resource

a variety of disposal strategies must be provided to meet differing circumstances, based on the relative value of the ICT resource and the efficiency and cost-effectiveness of the disposal process. For example, recycling within the department or across government, trade-in, and donation to community or non-profit organisations or by sale to the public through tender or auction

due consideration is given to applying recycling strategy and adopting environmentally sensitive disposal practices to minimise the impact of ICT assets and resources

the disposal process is seen to be fair, equitable and open and does not favour departmental employees.

6.1 ICT resource lifecycleAn ICT resource lifecycle approach requires effective management of an asset throughout its useful life. Good business practice requires that ICT resources are appropriately secured, maintained and used for the purposes intended, periodically accounted for, assessed to ensure their continued value to the organisation and disposed of in an accountable, cost-effective and environmentally friendly manner.

6.2 Protection of resourcesDepartments need to ensure that adequate policies and processes are in place to protect their ICT resources and the information and data contained on them during any maintenance process. These processes should be reviewed regularly as new technologies are introduced and then implemented accordingly.

6.3 Maintenance contractsDepartments should base their decision as to whether to enter into a maintenance contract on consideration of cost justification versus risk.

Detailed information on the QITC framework is available on the Queensland Information Technology Contracting (QITC) framework website.

Further information regarding the variations that departments need to consider in managing maintenance contracts and warranties can be found on the DHPW’s website under the Capital Works Management Framework and the Maintenance Management Framework.

When assessing and developing maintenance processes, departments should refer to the following Information Standards and accompanying Guidelines: Information Security (IS18) Recordkeeping (IS40) Retention and Disposal of Public Records (IS31) .

Privacy requirements should be addressed within the context of the Information Privacy Act 2009 .

Final | v1.0.7 | August 2017 Page 14 of 16PUBLIC

QGEA PUBLIC IS13 Implementation guideline

6.4 WarrantyWarranties may be offered as an extension of warranty arrangements on ICT products at the time of purchase. Although this may increase the initial purchase price of the item, there may be longer-term savings by not having to pay an annual maintenance fee.

6.5 Service agreementsService or operating level agreements (SLAs or OLAs) are essential in ensuring that both departmental and service providers have a clear understanding of their respective commitments associated with the terms and conditions of any ICT maintenance agreement. Information relating to any warranty or maintenance agreements could be held as part of the department's resource register.

6.6 Management and removal of informationOver time, departments will gather a considerable amount of information that can be both significant and sensitive. It is necessary to ensure that information and records are appropriately managed and removed when a decision has been taken to dispose of an asset.

To ensure information and records are appropriately managed, departments should refer to Information Standards on Retention and Disposal of Public Records (IS31) and Recordkeeping (IS40) before undertaking ICT resource disposal processes.

Information Security (IS18) provides details on requirements for managing the disposal of ICT resources. Information concerning processes for maintenance and disposal of equipment and media can be found in the Equipment and Media Disposal Reference Sheet located in the Information Security Implementation Toolbox.

The provisions of the Information Privacy Act 2009 should be used to guide the development of processes for disposal.

6.7 DelegationDepartments should refer to the information on disposal of assets provided on the Department of Housing and Public Works website as well as local departmental delegation policy to determine departmental processes for the disposal of ICT resources. Under the provisions of Sections 15(1) (c) and 23(2) (a) of the Financial and Performance Management Standard, 2009, responsibility for the disposal of surplus resources rests with the accountable officer or delegate of the department. Surplus resources should only be sold, traded in or otherwise disposed of with the approval of the accountable officer and in the manner specified by that officer or delegated officer.

6.8 Supervision and authorisationTo ensure that resources and any residual information contained on ICT resources is rendered inoperable or retained as required, departments should develop procedures to authorise and verify that the appropriate action has been undertaken and is satisfactorily completed. Information Security (IS18) provides guidance when assessing and developing such processes.

Final | v1.0.7 | August 2017 Page 15 of 16PUBLIC

QGEA PUBLIC IS13 Implementation guideline

6.9 Strategies for disposalICT products represent a considerable investment and their disposal requires special consideration. Generally, the time to assess disposal options should coincide with forward procurement planning. Departments should consider a number of options, including: recycling disposal within government trade-in disposal outside government (e.g. auction) buy-back.

Ensure to review the Queensland Contracts Directory for any disposal / auction arrangements for disposal of government assets.

Where appropriate, departments should consider publishing information about disposals to provide access to members of the public wishing to tender for the ICT resources. Given the increasing importance of environmental issues departments should consider disposal strategies which minimise the impact of ICT resources on the environment.

6.10 Legislative and regulatory obligationsDepartments should ensure that all legal and regulatory obligations under which they operate are observed when conducting procurement processes. In particular, departments should refer to the following within the general context of due diligence, accountability and probity: Information Privacy Act 2009 Public Records Act 2002 Public Sector Ethics Act 1994 Queensland Procurement Policy 2013 ICT resources strategic planning (IS2) policy Information security (IS18) Retention and disposal of public records (IS31) Recordkeeping (IS40) .

Departments should also refer to any accompanying guidelines for each as well as other legislation, regulatory or procurement requirements that apply at the departmental level.

Final | v1.0.7 | August 2017 Page 16 of 16PUBLIC