[policy name] · web viewthis could include provision of asset management and/or asset...
TRANSCRIPT
NSW Government
Telecommunications: Expense
Management
V1.0
July 2016
Telecommunications – Expense Management
CONTENTS
1. CONTEXT 3
1.1. Background 3
1.2. Purpose 3
1.3. Scope and application 3
1.4. Policy context 3
1.5. The ICT Services Catalogue 4
2. KEY PRINCIPLES 4
3. REQUIREMENTS 5
3.1. Telecommunications Expense Management (TEM) service 5
3.2. Requirements table 5
3.2.1 Requirements table 6
3.3. Elements of this standard 7
3.3.1. Required NSW business outcomes 7
3.3.2. Service Management 8
DOCUMENT CONTROL 10
APPENDIX A – DEFINITIONS 11
APPENDIX B – ABBREVIATIONS 12
APPENDIX C – REFERENCES 13
APPENDIX D – STANDARDS 14
Developing technical standards 14
Management and implementation 14
Telecommunications – Expense Management
1. CONTEXT
1.1. Background This is a technical standard developed by the NSW ICT Procurement and Technical Standards Working Group. The standard contains technical and functional requirements that agencies should consider when procuring mobility services.
By defining the necessary and common elements across agencies, the standard provides an opportunity to leverage the buying power of Government as a whole, improve procurement efficiency and increase interoperability.
1.2. PurposeThe purpose of this standard is to assist NSW Government agencies to develop, procure and implement telecommunications expense managements, as well as take full advantage of their benefits. This standard also helps agencies procure in a strategic manner that reflects the NSW Government’s priorities as outlined in the NSW Government ICT Strategy.
This standard details the issues that need to be considered so each agency can identify the available options that best suit their business requirements, helping agencies achieve value for money through cost savings and improved flexibility of service offerings.
1.3. Scope and applicationThis standard applies to all NSW Government departments, statutory bodies and shared service providers. It does not apply to state-owned corporations, but is recommended for their adoption.
For the purpose of this standard, Telecommunications Expense Management (TEM) services are defined as having the elements set out at section 3.1.
This standard sets out service definitions as minimum requirements that vendors must meet to be able to offer their services through the NSW ICT Services Catalogue. Agencies should consider any specific operational or regulatory factors that impact their requirements, and specific requirements they have in addition to those detailed in this standard.
1.4. Policy contextThe NSW Government ICT Strategy and Digital + 2016 Final Update set out the Government’s plan to: build capability across the NSW public sector to deliver better, more customer-focused services that are available anywhere, anytime; and to derive increased value from the Government’s annual investment in ICT.
Developing whole of NSW Government ICT technical standards is a key initiative of the NSW Government ICT Strategy, driven by the ICT Procurement and Technical Standards Working Group. These standards leverage principles defined in the NSW Government ICT Strategy and the NSW Government Cloud Policy, and they support the NSW ICT Services Catalogue.
The standards set out service definitions as minimum requirements that vendors must meet to be able to offer their services through the NSW Services Catalogue. This helps achieve consistency across service offerings, emphasising a move to as a service sourcing strategies in line with the NSW Government ICT Strategy, and it signals government procurement priorities to industry.
Solutions should also assist agencies in their alignment with the NSW Government Enterprise Architecture (NSW GEA), which encompasses all aspects of enterprise architecture activity at
Telecommunications – Expense Management
the business, information, application and technology infrastructure layers. The NSW GEA is about providing direction and practical guidance to accelerate the development of agency EA capability and enabling a common, intra and inter agency approach to the design of digital government.
This standard should be applied along with existing NSW Government policies and guidance, including the NSW Digital Information Security Policy. More information on the process for the development of standards that populate the ICT Services Catalogue is at Appendix D – Standards.
1.5. The ICT Services CatalogueThis catalogue provides suppliers with a showcase for their products and services, and an opportunity to outline how their offerings meet or exceed standard government requirements. The standards, together with supplier service offerings, help to reduce red tape and duplication of effort by allowing suppliers to submit service details only once against the standards. The offerings are then available to all potential buyers, simplifying procurement processes for government agencies.
Implementing this category management approach embeds common approaches, technologies and systems to maintain currency, improve interoperability and provide better value ICT investment across NSW Government.
2. KEY PRINCIPLES The following key principles underpin this standard:
Fit for purpose: TEM solutions should meet agency business requirements, and provide sufficient bandwidth for current and future applications. An effective TEM solution should ensure that only appropriate and approved expenses are paid by agencies, and that applicable statutory, regulatory, financial and reporting requirement are met.
Facilitating as a service: TEM solutions should facilitate the agency transition to as a service, and ensure agency alignment with broader NSW ICT Strategy.
Value for money: TEM solutions should deliver value for money, in line with the investment principles set out in the NSW Government ICT Investment Policy and Guidelines.
Fiduciary Responsibility : Effective TEM solution’s should cover a sound auditable process , including tendering, requisitions , purchase orders, goods receipt and payment .There are should be various methods of payment such as cash, cheque, corporate card, petty cash and electronic funds transfer. Each of these payment methods have differing risks, costs and benefits, which Agency employees must be well informed or educated.
Timely and Accurate: An effective TEM solution for agencies should ensure expenses are : promptly and accurately identified , approved by the authorised Agency delegate with appropriate authority, incurred in the name of the Agency/ entity for lawful and legitimate purposes only.
Contestability: An effective TEM solution must be subject to competitive and ethical procurement arrangement and processes.
Reporting and Monitoring: An effective TEM solution must provide accurate expense record and reporting in accordance with prescribed requirement .
Management should also implement monitoring controls to highlight or identify irregularities in the type or patterns of expenditure incurred by the Agency, for example, ongoing data analysis to identify unusual transactions or trends for follow up.
Telecommunications – Expense Management
3. REQUIREMENTS
3.1. Telecommunications Expense Management (TEM) service A TEM solution comprises a service that assists an Agency better understand its Telecommunications Agreements by:
ensuring services provided are ‘fit for purpose’; currently required/valid; and makes recommendations for improvements where appropriate.
Additionally services may provide Agencies with advice on telecommunications strategy and procurement requirements.
3.2. Requirements tableThe following table sets out the recommended business and technical requirements for NSW Government. It provides a consistent approach for all NSW Government agencies regardless of their size. Explanations for each element of table are provided at section 3.3.
Required Optional, but beneficial
Telecommunications – Expense Management
3.2.1 Requirements table
‘Use cases’ for Telecommunications – Expense Management (TEM) that are anticipated in agencies are included in the table below. The corresponding requirement sections of this standard are marked in the columns.
Use Case / Scenario
Telecommunications Expense Management (TEM) Service Management
Audi
ting
and
Opti
misa
tion
Invo
ice
Ver
ifica
tion
Dash
boa
rd
Benc
hmar
king
Tele
com
mun
icati
ons
Anal
ytics
Stra
tegy
Dev
elop
men
t
Go to
mar
ket
enga
gem
ents
Prop
osal
Eva
luati
ons
Agen
cy fi
nanc
ial s
yste
m
inte
grati
on
Clou
d co
mpl
iant
hos
ting
faci
lity
NSW
Gov
ernm
ent D
ata
Cent
re
Serv
ice
leve
l m
anag
emen
t
Mul
ti-se
rvic
e br
oker
pr
ovisi
on
Telecommunications Expense Management (Silver Level Service) Telecommunications Expense Management (Gold Level Service)
6
Telecommunications – Expense Management
3.3. Elements of this standard
3.3.1. Required NSW business outcomes
Auditing and Optimisation
TEM solutions should allow for the review of historical data for inconsistencies and identify opportunities for future improvement of telecommunications expenditure at any time of a contract lifecycle to align all services to its lowest cost based on usage profile. Solutions need to demonstrate their ability to do this across multiple vendors’ solutions. All responses to market engagements must be able to demonstrate how their solution meets these requirements.
Invoice Verification
Solution providers will review Agency telecommunications invoices and verify them for correctness including ensuring the underlying service exists. Where there is concern about the need/usage of the service, these are to be raised with the Agency and joint or agreed action taken to resolve services that are no longer required/‘fit for purpose’. All responses to market engagements must be able to demonstrate how their solution meets these requirements and the options available to verify invoices accordingly.
Dash board
Provision of periodic (eg monthly) key performance indicators as agreed between the parties that could include spend, spend analysis, number of services, usage of services, services being used below expected levels (possible discontinuation opportunities), international roaming etc. Optionally this could include providing information (in relevant file format or other electronic means) to a central point for whole of Government comparison. All responses to market engagements must be able to demonstrate how their solution meets these requirements and the options available for including in any dash board.
Benchmarking
Determine the best level of market pricing offered by incumbent or proposed supplier(s) and negotiation pricing points. This should include provision of detailed and supported analysis that shows the relative position the agency current sits compared with peers for similar services consumed. All responses to market engagements must be able to demonstrate how their solution meets these requirements and the options available for use in benchmarking offers/options.
Telecommunications Analytics
Generate detailed statistics and information about current telecommunications usage and costs, to provide data driven analysis of how to reduce costs further. All responses to market engagements must be able to demonstrate how their solution meets these requirements and the options available for inclusion in telecommunication analytics.
Strategy Development
Solutions could include options to assist agencies in the development of telecommunications strategy. This could include provision of Asset Management and/or Asset Management Planning and recommendations on the cost benefit of retaining existing telecommunications infrastructure verse replacing it with alternatives. All responses to market engagements should describe how and to what extent their offering can assist agencies achieve this element.
Go to market engagements
Solutions could include options to assist agencies in the development of go-to-market engagements. All responses to market engagements should describe how and to what extent their offering can assist agencies achieve this element.
7
Telecommunications – Expense Management
Proposal evaluation
Solutions could include options to assist agencies in the evaluation of proposals received. All responses to market engagements should describe how and to what extent their offering can assist agencies achieve this element.
Agency Financial System Integration
Solutions should be able to integrate with Agency financial systems to provide seamless information sharing across an agency. All responses to market engagements should identify what systems they can integrate with and to what extent integration is available.
3.3.2. Service Management
Cloud compliant hosting facility
Any relevant cloud services for the solution must be provisioned from a compliant hosting facility. Compliant hosting is defined as having the following attributes and/or capabilities:
The location of the hosting facility must be identified either by name and/or location (city and country) in any response.
The hosting location cannot be changed without first informing the agency concerned.
The service provider undertakes, maintains and provides access to SSAE 16 Service Organization Control (SOC) Type II reports (or equivalent) for the services and facilities in scope for the engagement.
The hosting facility must comply with minimum Tier 3, as defined by the Uptime Institute, ANSI TIA-942, or an equivalent industry standard.
The hosting facility must be certified against to the ISO 27001 standard; compliance with the following international standards is desirable:
o ISO 9001
o ISO 27002
o ISO 20000-1:2011
o ISO 14001
Other desirable certifications may include, but are not limited to:
o PCI-DSS v3.0 or later
o Australian Signals Directorate
o ASIO-T4
o Uptime Institute
o CSA
Also consider contractual obligations relating to the service provider allowing security assessments and treatment of outcomes as agreed with the client.
If the hosting facilities changes to a location that is deemed unacceptable either to NSW Government or to the agency and/or loses attributes and/or capabilities identified above, the agency may need to consider termination of services.
NSW Government Data Centre
Any relevant services for the solution must be provisioned from one or both NSW Government Data Centre (GovDC). Depending on the service offering and agency requirements, it may be possible to ‘burst’ some elements of services to other location(s) subject to agreement with the commissioning agency.
8
Telecommunications – Expense Management
Burst data centres must be deemed ‘compliant’. If the ‘burst’ data centre facilities change to a location that is deemed unacceptable either to NSW Government or to the agency, the agency may need to re-examine the ‘burst’ service or the full service.
Onshore/offshore management
All solution providers must be able to articulate where the connected service(s) and any remote support services will be provided from. For example, with a ‘follow the sun’ support model, the locations of each of their support sites around the globe need to be identified. Any changes to these need to be communicated to the customer agency promptly and if this causes issues, the agency has the right to cancel the service with appropriate notification.
Service level management
Agencies will retain ultimate responsibility for service level management in any solutions engagement, which would ordinarily be covered by a SLA. Agencies, service-brokers and solution providers need to agree all SLA reporting and other related activities as part of any transition-in process.
Multi-service broker provision
Any solution provider must work within the confines of a multi-service provider environment where either the agency or nominated provider will perform broker service provision. This will be defined as one provider being made accountable for the provision of all associated services, whether these are provided by the provider itself, or other third-party providers.
9
Telecommunications – Expense Management
DOCUMENT CONTROL
Document historyStatus: Released
Version: 1.0
Approved by: Executive Director, ICT Policy & Innovation
Approved on: 28 July 2016
Issued by: ICT Policy and Innovation
Contact: IDG Policy and Innovation, Department of Finance, Services & Innovation (DFSI)
Email: [email protected]
Telephone: (02) 9372 7445
Review This standard will be reviewed as required.
10
Telecommunications – Expense Management
APPENDIX A – DEFINITIONS
Term Definition
11
Telecommunications – Expense Management
APPENDIX B – ABBREVIATIONS
AIIA Australian Information Industry Association
AMQP Advanced Message Queuing Protocol
APN Access Point Names
ASCII American Standard Code for Information Interchange
ASD Australian Security Directorate
ASIO Australian Secret Intelligence Organisation
BCM Business Continuity Management
BLE Bluetooth Low Energy
BYOD Bring Your Own Device
CMIS Content Management Interoperability Services
CMS Content Management System
CSA Canadian Standards Association
FTP File Transfer Protocol
GovDC Government Data Centre
ICT Information & Communication Technology
IoT Internet of Things
ISO/TC International Organization for Standardization / Technical Committee
IT Information Technology
LDAP Lightweight Directory Access Protocol
MQTT Message Queuing Telemetry Transport
NFC Near Field Communications
OCR Optical Character Recognition
OS Operating System
PCI-DSS Payment Card Industry – Data Security Standard
PoF Pool of Funds
PTS Procurement & Technical Standards
QR Quick Response
SOA Service Oriented Architecture
SOAP Simple Object Access Protocol
SSO Single Sign On
12
Telecommunications – Expense Management
APPENDIX C – REFERENCES Agencies should have regard to the following statutes, NSW Government policies and standards:
AS/NZS ISO 31000 Risk management – Principles and guidelines Electronic Transactions Act 2000 Government Information (Public Access) Act 2009 Health Records and Information Privacy Act 2002 ISO 27031-2011 Information technology – Security techniques – Guidelines for information and
communication technology readiness for business continuity ISO 27001 Information technology – Security techniques – Information security management
systems – Requirements NSW Government Digital Information Security Policy NSW Government Open Data Policy NSW Government Cloud Policy NSW Government Standard for Data Quality Reporting NSW Government ICT Strategy NSW Government Implementation Update 2013-14 NSW Government Digital + 2016 Final Update NSW Government Information Classification, Labelling and Handling Guidelines NSW Government Investment Policy and Guidelines NSW Procurement: Small and Medium Enterprises Policy Framework Privacy and Personal Information Protection Act 1998 Public Finance and Audit Act 1983 Public Interest Disclosures Act 1994 State Records Act 1998 TPP 09-05 - Internal Audit and Risk Management Policy for the NSW Public Sector
13
Telecommunications – Expense Management
APPENDIX D – STANDARDS
Developing technical standardsDevelopment of a standard begins with identifying the need for a new standard, which is followed by the development of the standard in consultation with the industry and experts groups, including the Australian Information Industry Association (AIIA).
The following diagram outlines the process.
The ICT Procurement and Technical Standards Working Group (PTS Working Group) is chaired by the Department of Finance, Services & Innovation (DFSI) and includes senior representation from across NSW Government.
Agencies engage with the PTS Working Group concerning services for inclusion in the ICT Services Catalogue. This drives the development of technical standards, where none exist. The PTS Working Group has the leading role in reviewing and endorsing the technical standards developed in response to agencies’ requirements.
The PTS Working Group is supported by two sub-groups responsible for the areas of Telecommunications and Services and Solutions. The sub-groups are responsible for initial development and review of standards relating to their areas of responsibility.
Management and implementationThere is scope to modify standards through the NSW Government ICT governance arrangements as necessary. Standards are designed to add value, augment and be complementary to, other guidance, and they are continually improved and updated.
This standard does not affect or override the responsibilities of an agency or any employee regarding the management and disposal of information, data, and assets. Standards in ICT procurement must also address business requirements for service delivery.
NSW Procurement facilitates the implementation of the standards by applying them to the goods and services made available through the ICT Services Catalogue.
14
Need for new or amended standard
identified
Standard developed (Industry/agencies
consulted)
Standard approved and released by PTS
Working Group
Market engagement for services which meet the standard
Services added to Catalogue
Business requirements change