ICT Advice Note - Procurement of Open Source



Similar documents
COMESA Guidelines on Free and Open Source Software (FOSS)

Open Source, Open Standards and Re Use: Government Action Plan

THE NATIONAL FREE AND OPEN SOURCE SOFTWARE (FOSS), AND OPEN STANDARDS POLICY DRAFT SEPT 2014

All about Open Source An Introduction to Open Source Software for Government IT. Version 2.0

Assessment of Software for Government

GUIDELINES FOR THE PROCUREMENT OF FREE AND OPEN SOURCE SOFTWARE IN PUBLIC ADMINISTRATIONS*

The SME Engagement Handbook

A GOOD PRACTICE GUIDE FOR EMPLOYERS

OPEN SOURCE SOFTWARE AND THE AUSTRALIAN GOVERNMENT

1. In this Contract, except where the contrary intention is expressed, the following definitions are used:

Digital Continuity in ICT Services Procurement and Contract Management

Date Changes Cause of change Implemented by

Guideline on public procurement of Open Source Software

Dublin City University

Guideline on public procurement of Open Source Software March 2010

Managed Services Case Study

BEST PRACTICE GUIDE 6: ESTABLISHING CONTRACTS. RDTL MINISTRY OF FINANCE Procurement Service

Intellectual Property& Technology Law Journal

Open Source Management

SourceIT User Notes. Specific Clauses. Licence and Support Contract Commercial off-the-shelf Software RELEASE VERSION 2.

Best Companies Limited Website Terms and Conditions

Negotiating Intellectual Property (IP) Clauses

Free and Open-Source Software Diligence in Mergers, Acquisitions, and Investments

Procurement Policy. Finance Policy

Licence Conditions for Electronic Dissemination Packages Distributed Through Direct Dissemination. EDP Reference -

Procurement Policy Note Use of Cyber Essentials Scheme certification

Reducing cost and increasing efficiency through expert information management

Which MPA Assurance Review?

Lhasa Limited Software - Codes of Practice

ALM Works End-User License Agreement for Structure Plugin

Levelling the playing field for procurement of open source solutions

BOARD NOTICE COUNCIL FOR THE BUILT ENVIRONMENT. Notice No

How Open-Source Technology is Contributing

TENDER SPECIFICATION DOCUMENT. Tender for Producing Videos

Corporate Procurement Strategy

Moodle Implementation - Build or Buy?

COMMISSION STAFF WORKING DOCUMENT. Guide for the procurement of standards-based ICT Elements of Good Practice. Accompanying the document

Outsourcing. Knowledge Summary

Records management in SharePoint 2010

Overview of the Transfer of Undertakings (Protection of Employment) Regulations 2006

source OSS Watch University of Oxford This document is licensed under

How much do you pay for your PKI solution?

Supply Contract Risks: An Approach That May Be Adopted to Support Client-Supplier Contract Negotiations

The NREN s core activities are in providing network and associated services to its user community that usually comprises:

GPL, MIT, BSD, GEHC (and me)

ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION.

Does the law of sales applicable to contract for supply of software?

Guide for the procurement of standardsbased. Elements of Good Practice. Draft

Epdf - A Guide to Slovaks' Public Administration

ACS CLOUD COMPUTING CONSUMER PROTOCOL. Response from AIIA

Software Licensing and Pricing Best Practices. Stewart Buchanan June 3, 2009 Gartner Webinar

Embedding Digital Continuity in Information Management

CSPA. Common Statistical Production Architecture Descritption of the Business aspects of the architecture: business models for sharing software

IMPLEMENTATION DETAILS

The Cloud De-mystified The Buyers Perspective

GUIDANCE ON PROVISIONS THAT SUPPORT MARKET ACCESS FOR SMALL BUSINESSES

Policy for the Exploitation of University Intellectual property - Formation of New Companies

Mapping the Technical Dependencies of Information Assets

National Archives of Australia - Administrative Functions Disposal Authority March 2010

Home Page. Title Page. Contents. UK Government open source policy. Sebastian Rahtz January 14th Page 1 of 15. Go Back. Full Screen. Close.

F. No. 1(3)/2014 EG II. Ministry of Communication & Information Technology. Department of Electronics & Information Technology POLICY

The Benefits of Commercial Open Source

REQUEST FOR PROPOSAL FOR IT ASSET MANAGEMENT SERVICES

Key Risk Areas for Banks in contracting with IT Suppliers. Dan Holland Partner, Stephenson Harwood LLP, London

Corporate Information Security Policy

ITIL Managing Digital Information Assets

FME SOFTWARE LICENSE AGREEMENT

FIRE SAFETY INFORMATION FACT SHEET

Enterprise Architecture (EA) Principles

8. DIGITAL BY DESIGN - CUSTOMER RELATIONSHIP MANAGEMENT SYSTEM

LSB Procurement Framework

Public ICT procurement practices. Survey Results from Public authorities and ICT suppliers

1.1 An initial request to enter into a contractual arrangement may be initiated by either Massey University or another party (Other Party).

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

Why SAAS makes sense: The benefits of Cloud Computing for Archiving

Energy Efficiency Financing Unlock opportunities for additional sales. Supplier benefits. Financial Services provided by

Good Practice Guide Open Source Software Exploring the Risk

ITIL by Test-king. Exam code: ITIL-F. Exam name: ITIL Foundation. Version 15.0

August Report on Cloud Computing and the Law for UK FE and HE (An Overview)

Software as a Service: Guiding Principles

Module 3 Licensed Software TABLE OF CONTENTS. Version 3.0

Contracts, agreements and tendering

White paper Power Consumption Monitoring of PRIMERGY Servers in System Center Operations Manager

PUBLIC PROCUREMENT CONTRACTS

How to do Business with the London. Borough of Sutton

NewGenLib: OPEN SOURCE SOFTWARE S IN INDIAN LIBRARIES

Select Internet. Standard Terms and Conditions relating to the supply of online backup services by Select Internet

Information Note 02/13 18 February 2013

Open Source Software and the Australian Government

Open Source vs. Proprietary

Best Practice ITIL (Information Technology Infrastructure Library)

The NHS Foundation Trust Code of Governance

Packaged Software Request for Proposals (RFP) Template

Gateway review guidebook. for project owners and review teams

How To Manage An Open Source Software

Solvency II Data audit report guidance. March 2012

GPL, MIT, BSD, OSS (and me)

Report of the Auditor-General

Supply Chain Plan Final Guidance

Statutory Disclosure Guidance. Second edition August 2015

Transcription:

ICT Advice Note - Procurement of Open Source October 2011

1. Objectives and Context The objective of this document is to provide high level advice on how to ensure open source software is fairly considered when procuring an ICT solution. Providing a level playing field for open source entails ensuring that the requirements specified are justifiable and output based taking into account operational and technical requirements and cost. Procurers should not be naming a particular software vendor or drafting the tender documentation in a way that favours a particular vendor. To do so is a breach of EU procurement rules. Where projects are being evaluated by ERG questions are being asked about whether open source has been considered. This document does not endorse open source over proprietary software or vice versa. Current Government Policy states, however, that where there is no significant overall cost difference between open and non-open source products, open source will be selected on the basis of its inherent flexibility. Because of the wide range of open source provision, this document provides general advice only and highlights issues you may need to consider. It is intended that there will be ongoing work to incorporate information on the SME agenda and to provide template clauses for Invitations to Tender etc. This note also forms part of a larger toolkit. 2. Background to Open Source Software Open source software is a software development and distribution model where the software license guarantees certain freedoms. These include the right to access and modify the source code and to reuse and re distribute the software without constraint or undue cost. This is in contrast to the traditional proprietary software development and distribution model where access to source code is restricted by the vendor. Usually, reverse engineering, modification, reuse or redistribution of the software is restricted under the proprietary software licence agreement. Generally speaking, the strength of open source lies in its; no license costs, interoperability, easier integration and customisation, compliance with open technology and data standards and freedom from vendor lock in. Studies have shown that the benefits of open source generally materialise in the medium to long term. Furthermore, because open source software is free, there is greater flexibility in selecting the level of services or support that a customer wants to pay for, if at all. 3. EU Procurement Rules Where the software is free to use gratis software and all associated products are free for the whole of life use then there is no requirement to tender the requirement for the licenses. It is important from a procurement perspective to ensure that the whole life costs are examined, as although the software cost may appear free at the point of access it may not be free through life. A purchase of support and maintenance procured separately from licenses will need to be tendered where it is expected that the cost of support meets the EU thresholds and in accordance with any standing financial instructions. 4. Government Policy Key points of the Policy are:- (1) The Government will actively and fairly consider open source solutions alongside proprietary ones in making procurement decisions. (2) Procurement decisions will be made on the basis on the best value for money solution to the business requirement, taking account of total lifetime cost of ownership of the solution, including exit and transition costs, after ensuring that solutions fulfil minimum and essential capability, security, scalability, transferability, support and manageability requirements. V1.1 1Nov 2011 Page 2

(3) The Government will expect those putting forward IT solutions to develop where necessary a suitable mix of open source and proprietary products to ensure that the best possible overall solution can be considered. (4) Where there is no significant overall cost difference between open and non-open source products, open source will be selected on the basis of its additional inherent flexibility. Further information on the Government s Policy can be found in the Guide to Open Source, which forms part of the toolkit. 5. Routes to Market Support and services for open source software can be purchased through similar routes as those for proprietary software including systems integrators and independent support and services vendors. In each case the EU procurement rules are applied in exactly the same way in the assessment of value for money and total cost of ownership. As with all software, the terms and conditions should be analysed to understand what service levels are being promised and what rights exist if the software does not perform as promised. The second route is for a purchaser to simply download the open source software from an Internet source on a no-cost and as is basis. In this case, EU procurement rules are unlikely to apply (unless training materials or support and maintenance are being purchased) as there will be no supplier contract as such. Due to the free nature of the software, the terms and conditions are unlikely to offer any guarantees in the event of a problem with the down loaded software. 6. How to Buy In order to ensure that open source is given a level playing field, an ICT solution should be purchased in accordance with best practice. This involves specifying requirements in terms of outputs. An output based specification with a well informed and detailed evaluation will help to ensure that the solution offering the best value is purchased, whether this is open source or proprietary. The following requirements should be considered when purchasing any ICT solution (the list is not exhaustive):- a. Security b. Scalability c. Functionality d. Limits of Liability e. Maintenance and support requirements f. Future requirement for re-use g. Compliance with open standards h. Total cost of ownership 6A Security The security requirement for the ICT solution will need to be considered on a case by case basis and specified within the requirements for purchase. Current CESG Guidance 1 takes the view that 'no one particular type of software is inherently more, or less, secure than the other and does not favour one type over the other. Each must be approached on a case-by-case basis. The use of any software without appropriate maintenance and support presents an information assurance risk. Before approving the use of software (including open source software), managers must ensure that the plan for software support and maintenance is adequate and that the support 1 Good Practice Guide No.38 Open Source Software - Exploring the Risk can be found at the CESG website https://cesgiap.gsi.gov.uk/ia-policy-portfolio/good-practice-guides.shtml V1.1 1Nov 2011 Page 3

requirements are specified within the tender documentation. Security requirements are likely to be mandatory within an invitation to tender. It should be noted that IT solutions as a whole are security accredited, not individual software products. 6B Scalability of Licence Requirement Consideration should be given as to how licence requirements will vary over time. A question around how the supplier will deal with these scenarios should be included in the tender documentation. It may also be appropriate to include this in any cost modelling. Open source solutions tend to be more flexible in this area, being scalable in both directions upwards and downwards with a reduction in the risk of longer term financial implications. For example, procurers will not have to pay a licence fee on a per user or per box basis so they are not left with redundant licences. Organisations will need to assess the scalability of support. 6C Functionality The functionality required of the ICT solution should be clearly set out. Over specifying requirements or specifying functionality you are unlikely to use, can lead to unnecessary costs. Procurement and technical professionals should challenge customers requirements where lower costs or greater value for money are likely. 6D Limits of Liability Procurers should be able to justify the limits of liability asked for in any contract. Asking for a disproportionate limit of liability will adversely affect the competition and the price. 6E Maintenance and Support Requirements The level of support and maintenance agreements required should be specified within the tender documentation. Consideration also needs to be given to what can be provided internally and the risk attached to the provision of the support being offered. In house support and third party support will require analysis of the technical and commercial capabilities available, and capacity of resource. 6F Re-Use The purchasing organisation should consider the level of transferability of licenses. Transferability helps future proof an organisation against structural changes causing licenses to become invalid. Open source software is generally more flexible with regard to transfers than proprietary software. 6G Open Standards In January 2011 a Procurement Policy Note was issued entitled Use of Open Standards when specifying ICT Requirements. The key point in the PPN is that the Government will use open standards in its procurement specifications and require solutions to comply with open standards. The PPN can be found at (insert link) and should be taken into account in any procurement. 6H Total cost of ownership A complete and balanced assessment of any ICT Solution will require analysis on the basis of value against the Total Cost of Ownership (TCO), throughout the likely life of use. Contained within the toolkit is a document that provides guidance on TCO. A consideration of TCO may include (but not limited to): V1.1 1Nov 2011 Page 4

Acquisition (including purchase price) Licenses (could be removed for brevity) design build training carbon footprint maintenance upgrade change compliance integration customisation replace migration (data and users) As it is often difficult to predict accurately what the lifetime costs of the solution will be, particularly in relation to change, carrying out a TCO assessment provides an opportunity to identify, explore and challenge any assumptions and biases. 7. Software Licensing Generally This section covers some legal considerations about licensing, warranty and indemnity issues associated with software, that procurement professionals should consider. It should be noted that the vast majority of Government use of open source will not involve changes to the source code, or merging of source code, and hence the obligations around source code management and distribution are not triggered. 1. Legal considerations for licence management and the terms by which software can be used: i) Software is property that is protected under copyright law. Before downloading and using software it is important to establish the licence model. For open source software, where this is not obvious, it may be necessary to establish copyright through a technical legal examination of contracts. ii) Software of all kinds requires proactive software asset management. For proprietary software this is to ensure that the software used is appropriately and legally licensed. In the case of open source it is to ensure that the use and modification of the software through life, complies with the licence terms. iii) There are a variety of licence models for open source, where each licence model has specific terms for the use and modification of code. Many open source licences permit the user to modify for internal use without being obliged to distribute source code to the public. However, if the user chooses to distribute the modified open source software outside the user's organisation then some open source software licences (such as the GNU General Public Licence) do require distribution of the corresponding source code to the recipient of the software. For this reason, it is important to understand both the specifics of the open source licence in question and how the organisation intends to use and redistribute any modified open source software. 2. For all purchases, the following will need to be considered: what indemnification is offered for intellectual property infringement, what warranties are offered regarding performance and fitness for purpose, and what liability is accepted, and what limited. Legal support may be required. V1.1 1Nov 2011 Page 5

8. Where ICT solutions are provided by an outsourcer Specific advice where there is an outsourcer arrangement is not possible, due to the varied nature of these contracts. However, suppliers of ICT solutions under an outsourcer arrangement must (as contracts allow) be required to show that open source providers have been given a level playing field and that open source has been considered in the provision of a solution. Contract managers of such outsourcing arrangements should obtain a plan from their ICT provider as to how they intend to put forward a mix of open source and proprietary depending on the requirements. Contract Managers should also obtain confirmation from their outsourcer that, for a particular ICT requirement, open source has been assessed and how that assessment was carried out. Customers should always ensure value for money by assuring any supplier s technology choices and charges. 9. STATEMENT OF REQUIREMENTS The following is a basic form of words for inclusion in a Statement of Requirements (SoR) to state positively that it is Government policy to consider open source solutions on their merits where they are proposed and according to total lifetime cost of ownership. The Authority's requirements (as more particularly described in this SoR) include requirements for underlying technology to support the business processes described. To the extent that the technology requirements require the provision of software, Bidders should note that the Government's policy is to consider open source solutions on their merits and according to total lifetime cost of ownership. Bidders should note that where an open and proprietary solution is available, and where there are no material differences in terms of cost and functionality between the two, then the Government's preference is for the use of an open source solution. As such, Bidders should clearly identify the extent, to which open source software is included in their Responses to this SoR. V1.1 1Nov 2011 Page 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information