Procurement and disposal of ICT products and services implementation guideline

Introduction

Purpose

This guideline provides information and advice for Queensland Government departments to consider when implementing the policy requirements of the Procurement and disposal of ICT products and services (IS13) policy. These guidelines do not form the mandatory component of the policy and are for information only. While some information communicates other mandatory obligations, which may be relevant in the context of the policy (e.g. legislation), departments are strongly recommended to further investigate these obligations in light of their own business requirements and seek legal/expert advice where necessary.

Audience

This document is primarily intended for departmental staff working in the areas of procurement, general ICT and project management.

The policy applies to all Queensland Government departments and other Queensland Government entities which are in scope for applicability of the Queensland Government Enterprise Architecture (QGEA).

Scope

This implementation guide supports the Procurement and disposal of ICT products and services policy (IS13).

QGEA domains

This guideline relates to the following QGEA domains:

Background

Departments are dependent on ICT for many aspects of service delivery. The ICT category has an annual spend in excess of $1 billion and this reliance on ICT is reflected in the magnitude of government expenditure on ICT products and services and their procurement.

The Government also recognises the need for a strong and vibrant ICT industry within Queensland and acknowledges the impact that ICT may have on the environment at the end of its effective lifecycle.

With this in mind, departmental ICT products and services will be:

• procured as part of a planned strategy and managed environment
• managed in an effective, sustainable manner that maximises value for money and manages any security risk in a manner that is acceptable to the department
• aligned with the Queensland Governments ICT-as-a-service-policy which advocates strategically sourcing ICT as-a-service as the primary option while divesting existing assets
• sourced, especially commoditised services, from private providers in a competitive market where this is feasible and represents value for money
• aligned with the Queensland Government Procurement (QGP), Department of Energy and Public Works (DEPW) Queensland Government Contract Management Framework (QGCMF) and associated Contract management plan template
• sourced from the local ICT industry whenever possible without prejudicing product quality and competitiveness, while meeting the departments requirements under Australia's free trade agreements, the Buy Queensland approach and the Local Benefits Test
• recycled or disposed of in an accountable, cost effective and environmentally friendly manner that manages any security risk in line with Information security policy (IS18:2018) which states departments must implement an ISMS based on ISO 27001 as per policy requirement 1. ISO 27001 states an ISMS will govern the control of secure disposal or re-use of equipment.

Conduct forward procurement planning

Departmental planning

To ensure the effectiveness of the ICT procurement planning process, each department should ensure the following:

• the departmental ICT resources strategic plan must comply with all legislative, policy, human resource administrative and regulatory obligations as outlined in the ICT resources strategic planning (IS2) policy
• when developing the departmental strategic procurement plan, departments will need to do business with ethical and socially responsible suppliers and will seek to influence the supply chain in this regard for its ICT products and services. This may include considering the sustainability credentials of suppliers, to ensure they are ethically and socially responsible
• under Principle 6 of the Queensland Procurement Policy (QPP) Queensland Government procurement planning will be integrated at all levels, including category strategies, procurement plans, significant procurement plans and other relevant plans and strategies to drive accountability and delivery of best procurement outcomes
• strategic planning lead times should be sufficient to ensure that:
  • the ICT industry is given forward notice of the departments significant ICT products and services requirements
  • significant procurement plans can be prepared for all high value or high-risk ICT products and services requirements before the procurement process, use of the Value Risk Matrix is strongly encouraged.
  • ICT investment reviews are undertaken for any ICT procurement activity that falls within the review scope.

Legislative and policy framework

Queensland Government departments are required to undertake ICT strategic planning as set out in the mandatory requirements of the ICT resources strategic planning (IS2) policy.

Additionally, Principle 6 of the QPP requires departmental procurement planning, at both the departmental level and for the individual significant procurements, to take account of the QPP. Where appropriate departments should prepare significant procurement plans for any products, services and capital projects that it identifies as being high expenditure or for which there is a high degree of business risk.

Alignment of planning

Well-aligned strategic procurement planning processes ensure that, with the exception of emergent needs, all high value or high-risk ICT procurement activities are identified, planned and implemented using the most effective procurement approach. Additional information on the nature of high value, high risk procurement is available from OCAP.

For further information on planning, refer to the ICT resources strategic planning (IS2) policy.

Succession planning

As part of the strategic planning process, departments should consider human resource issues relating to succession planning. Strategic planning should have specific regard for ensuring the development of appropriate documentation for relevant ICT products and services to avoid the high risk of reliance on individuals for the operation of the ICT products or services. Refer to the ICT resources strategic planning (IS2) policy with regard to the ICT planning process generally.

Economic, environmental and social procurement objectives

Under Principle 2 of the QPP, departments are required to use procurement to advance the governments economic, environmental and social objectives and support the long-term well being of our community; specifically, we:

• do business with ethical and socially responsible suppliers
• consider governments objectives from a whole-of-government and category perspective, prioritising these for application in our procurement decision making
• comply with the Commonwealth Disability Discrimination Act 1992 since its latest compilation in April 2018.
• comply with the Human Rights Act (QLD) 2019

Additional information is available from the Social Procurement Guide and more detailed ways to include social benefits when buying for government can be found at Social Procurement.

Potential future procurements

Under Principle 1 of the QPP, departments are required to use the Queensland Government QTenders website to publish notices of potential future procurements, where the department has determined this will be of benefit to either the department or supply market. These measures help industry to better plan for future tender opportunities and have the right staff available to participate in the tender when the opportunity arises.

Significant procurement planning

Under Principle 6 of the QPP, departments are encouraged to prepare significant procurement plans for products and services that the department has identified as being high expenditure and/or having a high degree of business risk (these plans combine supply market analysis and a departments demand requirements to inform the best approach to procuring the relevant goods or services).

Supply market analysis enables the department to get to know and understand how the market works, the direction in which it is heading, the key suppliers and the value they place on the department as a customer.

Further details of ICT procurement, planning, risk management and market analysis can be found in the Procurement guidelines which include:

• Better practice guide for early engagement with the ICT Industry
• Procurement guidance: supply market analysis

Investment review

The Office of Assurance and Investment (OAI) within the Queensland Government Customer and Digital Group, provides whole of government assurance over significant digital and ICT enabled initiatives. The OAI manage the Queensland Government ICT Investment Review process which supplements department ICT governance arrangements with independent reviews at set points within the initiative lifecycle. The ICT Investment Review process verifies:

• strategic whole of government and agency business alignment;
• the application of best practice to ensure initiatives are planned for success;
• that initiatives represents a wise investment; and
• consideration has been given to potential cross agency collaboration.

ICT Investment Review ensures appropriate assurance is being applied and strategic and policy alignment occurs. Additionally, the process supports increased visibility of the initiative outcomes, input requirements and potential multi-department synergies.

The OAI advocates all departmental procurement planning should consider the use or re-use common platforms across government to derive greater value from Queensland Government investments and digital assets. All digital and ICT-enabled initiatives should be registered with OAI to enable advice and guidance on investment proposals across the whole of government pipeline.

Departments are required to perform an assessment of initiatives against a set of pre-defined criteria. The extent of the additional governance required by the initiative will be determined based upon the identified levels of business criticality and risk and will be set out in an assurance plan.

Further details on the ICT Investment Review (Queensland Government employees only) can be found on the For Government , alternatively email OAI@chde.qld.gov.au for information on the investment review process and the associated forms required for submission.

Conduct effective procurement process

At a minimum, departments should ensure the following:

• end user, ICT professional and procurement professional expertise should be accessed during the planning and implementation phases of the procurement process for all high value or high business risk products and services
• procurement professionals involved in ICT Procurement should demonstrate a level of competency in the use of the Queensland Information Technology Contracting (QITC) framework to a level commensurate with the value and business risk of the procurement activity
• non-procurement professional staff involved in ICT procurement should receive fundamental training in procurement policy and procedures commensurate with the value and business risk of the procurement activity
• a value risk approach to the procurement of ICT products and services is adopted using the contract type decision tool in addition to other tools, such as the procurement Value Risk Assessment tool for category, sourcing and contract management activities.

In alignment with Principle 6 of the QPP, departments should manage risk through effective oversight, accountability and appropriate internal controls through governance and an integrated planning framework. For example, once significant procurement planning, as outlined in section 3.7, has been undertaken, departments should also ensure that governance structures, such as Boards and Committees and appropriate financial and contractual delegations are in place. It is also important that the relevant endorsing inter-departmental bodies for digital and ICT initiatives at the whole-of-government level, such as Queensland Government Digital Leaders Group and / or the Savings and Debt subgroups, are consulted in a timely manner.

Additional information is available at www.qld.gov.au/supplyICT.

ICT program and project assurance framework

The Queensland Government uses the Program and project assurance policy and framework as the minimum standards for project initiation, evaluation, procurement and assurance across the Queensland public sector. Departments should ensure the project management approaches identified in the Program and project assurance policy underpin the procurement processes undertaken for project delivery.

All programs and projects should ensure that their contractual arrangements embody delivery principles and acceptance and quality criteria, specifically contract milestones, SLAs and KPIs, for more information please refer to the Establishing digital and ICT contracts factsheet (Queensland Government employees only).

Procedures

Department procurement procedures are department specific procedures, which set out how procurement activities are to be conducted in compliance with the QPP , Buy Queensland approach, and other legislation, policy and free trade agreements, including but not limited to:

• National Competition Policy and related legislation and agreements including the Competition and Consumer Act 2010.
• ICT procurement must comply with the requirements of the ICT SME participation scheme policy and standard and Queensland Indigenous Procurement Policy (QIPP)
• Commonwealth Disability Discrimination Act 1992
• Human Rights Act (QLD) 2019
• Ethical Supplier Threshold
• Local Benefits Test which focuses on the economic benefit to Queensland. The purpose of the test is to evaluate the benefits that any supplier would bring to the local area. The origin of a supplier is not relevant; what is important is the benefit that a supplier can bring locally. For example, a supplier who is located outside the local area could still provide a benefit by using a local workforce or by using local businesses in the supply chain.
• Due regard must be given to relevant QGEA policies during the specification development and implementation phase of the ICT procurement process for products and services.

Further detailed information concerning ICT procurement processes can be found at ICT procurement.

The Queensland Government has established the QITC as the cornerstone of government procurement for ICT products and services.

For further detailed information concerning procurement best practice process, tools and templates, refer to the Queensland Government Procurement website.

Departments are reminded that:

• the Queensland Government Arrangements Directory (QGAD) is the main repository for government buyers to identify relevant whole of government and common use arrangements. Every attempt should be made to utilise these arrangements and avoid the unnecessary establishment of duplicate arrangements.
• the QITC framework is the basis for all contracts established for the procurement of ICT products and/or services
• DEPW has established a Preferred Supplier Panel for the engagement of contingent labour, including ICT contingent labour. ICT contingent labour i.e. contractors, should be engaged under this arrangement, which utilises the DEPW General Contract Conditions. Therefore, QITC should not be used for this type of procurement
• suppliers of ICT products and services are required to show their willingness to contract, where appropriate, under the standard general and/or comprehensive contract types under the QITC framework, noting that supplier terms and conditions and bespoke contracts can also be considered depending on the risk and value of the contract.
• ICT procurement procedures and processes must be consistent with, and reference QITC and must be readily available to all staff involved in the procurement and/or purchase of ICT products and services.

The QITC framework is managed by ICT Strategic Sourcing within the Queensland Government Customer and Digital Group and further information is available at QITC .

Staff training

To be effective, procurement professionals involved in the procurement of ICT products and services should be competent in the use of the QITC framework to ensure that it is appropriately deployed by departments at all stages of the procurement activity, this includes sourcing and market approach, i.e. invitation to offer through to contract formation.

Departments should also ensure that any non-procurement professional staff involved in the procurement process or purchase are familiar with their departmental procurement procedures. This is to ensure that operational staff comply with and defer to best practice procurement. Opportunities for mandatory entry level procurement training should also be considered for staff who are leading agency procurement activities but are not procurement professionals.

Departments should ensure that a level of procurement skill is maintained within the procurement function that is commensurate with the size and complexity of their ICT profile. DEPW's Skills2Procure training program provides access to both formal courses through the traditional Procurement Certification Program, and practical learning and development opportunities delivered through a new Critical Skills Boost Program for procurement.

Further information on training can be sourced at Procurement capability and training .

Queensland Government QTenders

The Queensland Government QTenders website includes a web-based electronic tender system that allows departments to publish forward notices of upcoming tender opportunities, release invitations to offer and to receive tender responses from prospective suppliers. In order for suppliers to plan effectively for Queensland Government ICT procurement opportunities, departments are strongly encouraged to contribute on a regular basis to the whole of governments Forward Procurement Pipeline dashboard.

The QPP requires departments to publish basic details for awarded contracts over $10,000 and additional contract details for contracts awarded of $10 million and over, in accordance with the Procurement Guidelines: Contract Disclosure issued by the Director-General, DEPW. Procurement method is only required to be disclosed for contracts of $500,000 and over.

Under the previous contract disclosure guideline, prior to 1 July 2019, agencies may have disclosed transactional data and/or contract information on the Queensland Government Arrangements Directory (QGAD). From 1 July 2019, agencies are moving to just publish contract information which will be available through the Queensland Government Open Data Portal.

Queensland Contracts Directory

DEPW manages the Queensland Government Arrangements Directory (QGAD).

Departments should review the QGAD (Queensland Government employees only) to ensure that, wherever possible, they use appropriate aggregated supply arrangements across departments or at the whole-of-government level.

Principle 1 of the QPP requires all departments to ensure the QGAD is maintained and up to date, departments should complete details of contracts and arrangements as required by the site. This will allow departments to:

• have a reference tool that can be used to consider opportunities for cost reduction
• aggregate expenditure by establishing and using lead department or whole-of-government arrangements
• avoid unnecessary tendering activities by using existing arrangements and contracts. In order to reduce the duplication of supply arrangements, agencies should not establish a new supply arrangement for a product or service which is already available under an existing arrangement.
• use the learnings gained through the establishment and management of existing supply arrangements when developing new contracts or arrangements for similar products and services.

All Queensland Government employees have access to the full version of the QGAD, the public has restricted access to the Queensland Government Arrangements Directory.

Category management

Principle 6 of the QPP encourages the consideration of government objectives from a whole-of-government and category perspective.

This has been strengthened by QGP's establishment of a Category Management approach based on six mega-categories of government expenditure, one of which is ICT.

Category management involves understanding expenditure in a specific buying category with the intent of ensuring:

• business needs are optimised (holistically)
• markets are analysed and understood
• the risk in the procurement is identified and mitigated
• identification of how best to leverage value for money and commercial outcomes
• suppliers are actively managed to deliver ongoing value for money outcomes.

In line with the other mega categories, ICT Strategic Sourcing has compiled an ICT Category Management Strategy 2020 to further assist agencies in aligning category management into their agency procurement plans.

Within the ICT mega category there are 4 key categories of expenditure:

• ICT services
• telecommunications
• software
• hardware.

These categories can be further broken down into sub-categories and it is at this level that departments who have notable expertise and a significant procurement capability in a specific sub-category will be encouraged to be the sub-category lead for whole of government. E.g. The Department of Education is the Hardware sub-category lead for personal computers under their End User Computing arrangement (DETSOA 84891).

For more information on the Category Management Framework, contact betterprocurement@epw.qld.gov.au

For more information on the ICT Category Management Strategy 2020, contact ICTstrategicsourcing@qld.gov.au

Queensland Government Enterprise Architecture (QGEA) policy

The QGEA policy and associated standards cover a range of subjects relevant to the development of tender specifications through to the development and implementation of ICT systems and databases. Current QGEA policies can be viewed on the For Government website.

Relevant policies include:

• ICT SME participation scheme policy and standard
• ICT resources strategic planning (IS2) policy
• Information Security Policy (IS18:2018)
• Information Asset Custodianship (IS44)
• ICT program and project assurance policy and framework
• Cloud computing strategy and implementation model
• ICT as-a-service policy
• Procurement related information privacy issues should reflect the requirements of the Information Privacy Act 2009.
• Departments are required to make full and accurate records of their activities in accordance with the Public Records Act 2002.

ICT industry development

Departments should consider the following when planning or conducting ICT procurement activities:

• existing procurement obligations regarding legislation, policy and agreements at a national and international level are met, refer to clause 4.2 of this guideline
• forward procurement notice is given to industry through placement of notices and updates to the Forward Procurement Pipeline on QTenders and via Partners in Technology briefings
• ICT procurement is consistent with and meets the requirements of the ICT SME participation scheme policy and standard
• the ICT Investment Review process (Queensland Government Employees only) provides briefings on departmental ICT issues and initiatives requiring consideration by the Data and ICT Deputy Directors-General Sub-Group (Data and ICT Sub-Group) or the Cabinet Budget Review Committee (CBRC)
• departmental procedures include content informing staff involved in the purchase of ICT products and services of the advantages of:
  • early market engagement
  • consultation with mega category/category managers within ICT Strategic Sourcing.

ICT SME participation scheme policy

Small to medium sized enterprises (SME) contribute significantly to the Queensland economy, and the Queensland Government is committed the assisting SMEs to access and win government business for the supply of ICT products and services.

This policy:

• ensures that departments adopt a consistent procurement process to ensure effective engagement with the ICT industry and specifically with Queensland (SMEs).

supports the achievement of set spend targets for purchases from Queensland SMEs.

For the purposes of the target, Queensland SME means an SME that has registered its main business location as Queensland, with the Australian Business Register.

The policy ensures departments adopt a consistent procurement process to ensure effective engagement with the ICT industry and specifically with Queensland (SMEs) and supports the achievement of set spend targets for purchases from Queensland SMEs. For the purposes of the target, Queensland SME means an SME that has registered its main business location as Queensland, with the Australian Business Register. An SME is any business employing less than 200 people(as defined by the Australian Bureau of Statistics).

Additional information on specific aspects of the scheme, are outlined in the ICT SME participation scheme policy and associated standard.

Early market engagement

The Industry Engagement team within ICT Strategic Sourcing was established to develop better relationships between departments and the ICT industry and to provide support and advice to departments undertaking significant ICT products and services initiatives. Additional information is available at Early market engagement.

Early market engagement is a strategic and collaborative approach for Queensland government departments to gather valuable intelligence in relation to the high level aims of large scale and high investment programs. The Queensland Government can benefit from suppliers knowledge of markets and trends and understand the capability and capacity of suppliers before developing their procurement strategy and requirements.

From the Queensland Governments perspective, early engagement with ICT suppliers is an important step in the program process. Early engagement, within the bounds of probity, ensures that the buyer makes a fully informed decision so that the right supplier is chosen to provide the right service while maximising buying power and minimising risk. Departments should consider the value of the engagement relative to the availability of products and services to conduct the engagement process.

The ICT Strategic Sourcing unit has prepared the Better Practice Guide for Early Market Engagement with the ICT industry

Principles of engagement and participation

Departments should be aware that the Australian Government through the Department of Industry, Science, Energy and Resources has developed the Australian Public Service Framework for Engagement and Participation which outlines expected standards and behaviours for public servants when engaging with citizens, community and business. The Queensland Government supports the principles and is helping to promote them in the state.

Market sounding

The market sounding approach develops market awareness to the stage where specific potential providers are sounded out to determine their views of potential solutions. Departments may face the need for market sounding at a program level to assess the reaction of the market to a proposed requirement and procurement approach. It is important not to enter into any agreements with suppliers at either the early market engagement or the market sounding phases. Staff need to be aware of any implied meaning in verbal statements made by them or offered by suppliers.

Additional information is also available in the revised procurement guidelines on Supply market analysis.

ICT product lifecycle and services management

When disposing of ICT products and services, departments should consider the following:

• maintenance contracts, warranties, service level arrangements and disposal processes must be consistent with departmental and whole-of-government ICT procurement policies, strategies and directions and meet specific departmental requirements
• disposal cannot be conducted without approval from the accountable officer or delegated personnel
• disposal should be supervised and certified upon completion by a person delegated by the accountable officer
• an ISMS (under Information Security Policy (IS18:2018)) should provide governance for disposing an ICT asset in line with ISO 27001
• disposal of data should be in accordance with the Records governance policy under policy requirement 6
• a variety of disposal strategies should be provided to meet differing circumstances, based on the relative value of the ICT asset and the efficiency and cost-effectiveness of the disposal process. For example, recycling within the department or across government, trade-in, and donation to community or non-profit organisations or by sale to the public through tender or auction
• due consideration is given to applying recycling strategy and adopting environmentally sensitive disposal practices to minimise the impact of ICT assets and resources
• the disposal process is seen to be fair, equitable and open and does not favour departmental employees.

ICT asset lifecycle

An ICT asset lifecycle approach requires effective management of an asset throughout its useful life. Good business practice requires that ICT assets are appropriately secured, maintained and used for the purposes intended, periodically accounted for, assessed to ensure their continued value to the organisation and disposed of in an accountable, cost-effective and environmentally friendly manner.

Protection of assets

Departments must assess and manage the risk that information or information assets might be compromised during any maintenance process and ensure:

• adequate policies and procedures to manage the assessed risk must be in place to protect ICT assets and the information and data contained on them during any maintenance process
• policies and procedures should be reviewed regularly as new technologies are introduced and the threat changes.

Maintenance contracts

Departments should base their decision to enter into a maintenance contract on consideration of cost justification versus risk.

Detailed information on the QITC framework is available on the Queensland Information Technology Contracting (QITC) framework website.

Further information regarding the variations departments need to consider in managing maintenance contracts and warranties can be found under the Government Building Construction and Maintenance Projects.

When assessing and developing maintenance processes, departments should refer to the Information Security Policy (IS18:2018)

Privacy requirements should be addressed within the context of the Information Privacy Act 2009. Recordkeeping requirements should be addressed in accordance with the Public Records Act 2002.

Warranty

Warranties may be offered as an extension of warranty arrangements on ICT products at the time of purchase. Although this may increase the initial purchase price of the item, there may be longer-term savings by not having to pay an annual maintenance fee.

Service agreements

Service or operating level agreements (SLAs or OLAs) are essential in ensuring that both departmental and service providers have a clear understanding of their respective commitments associated with the terms and conditions of any ICT maintenance agreement. Information relating to any warranty or maintenance agreements could be held as part of the department's asset register.

Information Management

Information that is managed by the Queensland Government is sought after for a diverse range of purposes from integrated service delivery to improve the lives of Queenslander's, better policy and planning, improving the efficiency of government; and increasingly for data analytics; these uses are further unlocking the value of our information holdings and opening up new areas of exploration and interest.

Information Management is about ensuring that information is available to the right person, in the right format at the right time. This involves a range of domains such as information governance, information asset management, information security, records management and information access and use management.

Management and removal of information

Over time, departments will gather a considerable amount of information that can be both significant and sensitive. It is necessary to ensure that information is removed from the asset and records are appropriately managed when a decision has been taken to dispose of an asset.

Departments should assess and manage the risk from data loss or compromise when ICT assets are disposed of.

To ensure information and records are appropriately managed, departments should refer to the Public Records Act 2002, Information security policy (IS18:2018) and the Records governance policy before undertaking ICT asset disposal processes.

The provisions of the Information Privacy Act 2009 should also be used to guide the development of processes for disposal.

Information Asset Lifecycle

The Queensland Governments Information asset lifecycle guideline describes typical phases of an asset lifecycle as well as a recommended approach for managing information, application and technology assets throughout the life of each asset or group of assets. This guideline describes details of typical activities that an agency may need to consider to effectively manage their ICT assets.

Delegation

Departments should refer to the Strategic asset management framework specifically asset disposal as well as local departmental delegation policy to determine departmental processes for the disposal of ICT assets. Under the provisions of Division 4 Resource Management of the Financial and Performance Management Standard 2019, responsibility for the disposal of surplus assets rests with the accountable officer or delegate of the department. Surplus assets should only be sold, traded in or otherwise disposed of with the approval of the accountable officer and in the manner specified by that officer or delegated officer.

Supervision and authorisation

Departments should assess and manage the risk that appropriate disposal action has been undertaken and is satisfactorily completed by developing procedures to authorise and verify that the appropriate action has been undertaken and is satisfactorily completed relative to criticality.

Information Security Policy (IS18:2018) provides guidance when assessing and developing such processes.

Strategies for disposal

ICT products represent a considerable investment and their disposal requires special consideration. Generally, the time to assess disposal options should coincide with forward procurement planning. Departments should consider a number of options, including:

• recycling including specific focus on improving digital inclusion
• disposal within government
• trade-in
• disposal outside government (e.g. auction)
• buy-back.

Review the QGAD for any disposal / auction arrangements for disposal of government assets.

Where appropriate, departments should consider publishing information about disposals to provide access to members of the public wishing to tender for the ICT assets. Given the increasing importance of environmental issues departments should consider disposal strategies which minimise the impact of ICT assets on the environment.

Legislative and regulatory obligations

Departments should ensure all legal and regulatory obligations under which they operate are observed when conducting procurement processes. In particular, departments should refer to the following within the general context of due diligence, accountability and probity:

• Information Privacy Act 2009
• Public Records Act 2002
• Public Sector Ethics Act 1994
• Queensland Procurement Policy (QPP)
• ICT resources strategic planning (IS2) policy
• Information security policy (IS18:2018)