The State Services Commission (SSC) has released the final version of its advice to government agencies considering offshoring ICT contracts.
Last month, the SSC's interim guidance paper on offshoring was criticised by a number of vendors who said it could be interpreted as "protectionist".
"The guidelines do not consider the international perception risk associated with a policy that actively discourages international trade in the form of the offshoring of ICT services, Unisys New Zealand managing director Brett Hodgson told the Dominion Post. "This could give rise to perceptions amongst trading partners of a 'protectionist' attitude, thereby undermining New Zealand's credentials as an advocate of free trade in international forums."
According to a State Services Commission blog post accompanying the release of the final policy, vendors were "generally supportive of the work but were concerned that it was risk— rather than benefits-focussed".
"They felt it could be used as an excuse for avoiding not just any consideration of offshore suppliers but even consideration of locally-based offices of international companies. We have acknowledged that concern," the post says. As a result, the commission has changed the document's title to reflect the document’s scope. "We’ve increased the information about agencies’ responsibilities to conduct open and transparent procurements in accordance with the Mandatory Procurement Rules, New Zealand’s international treaty obligations and other good practice advice from the Ministry of Economic Development and the Office of the Auditor General," the post says. "The stronger language in the introductory sections emphasises our focus on managing the risks." SSC says the advice does not introduce new policy nor any new requirements for agencies. "It provides information to help agencies meet their obligations under existing procurement policies, international obligations, the Public Finance Act, the Privacy Act and the Public Records Act," its blog post, by Lindy Siegert, says.
The policy itself, titled "Government use of offshore information and communication technologies (ICT) service providers: Advice on risk management", says government is a steward of information and data on behalf of New Zealanders.
"Stewardship requires an informed balance between sometimes competing drivers. Advances in technologies such as software-as-a-service, cloud computing, cost advantages of offshore service centres, or access to expertise and its transfer can make the use of offshore information and communication technologies (ICT) providers very attractive," it says.
"Conversely, agencies may dismiss potential opportunities to take advantage of these offerings because of uncertainty about their ability to meet obligations under legislation, regulation or policy."
The document says i does not seek to prohibit the use of offshore ICT service providers.
"Whether the use of an offshore provider is desirable is ultimately a fact-specific decision for individual agencies. This Adviceaims to assist agencies in making their own decisions. Some of the advice is not unique to offshore outsourcing but also applies to outsourcing within New Zealand, particularly if the contractor is foreign owned or a target for foreign ownership," it says.
The advice provides agencies with information about possible risks related to transferring or processing government information offshore and provides approaches to mitigating and managing those risks.
The advice does not apply to contracting for software development or similar activities, it says, if they do not involve either transferring government information offshore. Formal secure networks are also excluded.
The risks posed by offshoring, according to the advice, inlude loss of control, loss of privacy and security and jurisdictional issues.
"Offshoring data or data processing and management services can limit the control that government agencies have over the quality and type of services provided. Foreign service providers, industry, infrastructure services and governments can exert influence over the way services are delivered, developed and protected. Government agencies are likely to have less control over data held offshore than over data held in New Zealand," the advice says.
It says offshoring may make it difficult or impossible for agencies to monitor and manage security and privacy effectively.
"In some circumstances, foreign law may enable another government to gain access to private New Zealand information and services without the knowledge or authorisation of the New Zealand government. Some foreign legislation may preclude notification to clients if the foreign government agencies access those clients’ data," it says.