Open and Ethical Procurement Guide on Engaging with the Private Sector

Incorrect problem definition

The police department asks IT management to purchase the ID card creation system used by the provincial police, invoking the urgent need for it and its fair price.

Explanation

This problem definition is incorrect for the following reasons:

a) It does not define a problem to be solved but targets a solution; b) It assumes that the solution is the best solution; c) It assumes that the costs are license-related only.

Correct problem definition

After discussion with the police department, it appears that the correct definition for the problem is:

During an emergency, I need to secure a perimeter on several levels AND to know in real time where the respondents are.

Explanation

Thanks to this discussion, IT managers made some discoveries:

a) The solution to this problem involves several business units within the City, such as the Fire Department, Public Works, and potentially, partners outside the City such as ambulance services and public safety;

b) In light of the above, IT management is already aware that it will cost significantly more than the police service anticipates and that the provincial police solution is inadequate;

c) IT management will need to conduct market intelligence to determine what the industry has to offer.

Incorrect problem definition

The IT department decides to upgrade its desktop suite to its cloud-based version. Indeed, the provincial shared services centre has an agreement that allows them to purchase this version without going through a public tendering process, thus allowing for a quick and easy transition.

Explanation

This problem definition is incorrect for the following reasons:

a) It is inconsistent with a principle of public procurement, i.e. to give all suppliers an opportunity to bid;

b) It assumes that the costs are lower than those that could be obtained through a public tendering process won by the current supplier or one of its competitors;

c) It assumes that the costs of migrating to a new solution would be higher;

d) It assumes that switching to a cloud-based solution is less costly.

Correct problem definition

In this case, the correct definition would be:

I need to assess the benefits and feasibility of using a cloud computing suite.

Explanation

This problem definition requires that the following analysis be made before reaching a conclusion:

a) Review market bids by comparing their common international functionalities and technical standards to arrive at a call for tenders that allows major industry players to submit compliant bids;

b) Evaluate how much it will cost you to acquire, deploy, and maintain the solution for several years, and to “exit” it (total cost of ownership analysis [2]);

c) Evaluate the difference between the maintenance costs of a locally hosted solution and a cloud-based solution.

Incorrect problem definition

The fire department is asking the IT department to purchase e-learning software to reduce their labour costs, as every time a firefighter leaves for training, they are replaced by another firefighter who is paid on a time and a half basis.

Explanation

This problem definition is incorrect for the following reasons:

a) Its scope is organizational; b) It targets a type of solution.

Correct problem definition

In this case, one of the correct definitions would be:

I need to assess the benefits and feasibility of reducing my training costs.

Explanation

If e-learning software is assumed to be one of the preferred technology choices, then the IT department must first determine whether other business units would benefit from such a solution (broaden the scope).

It will then be necessary to:

a) Review market bids by comparing their common international functionalities and technical standards to arrive at a call for tenders that allows major industry players to submit compliant bids; b) Evaluate how much giving part of the online training will help you save in terms of face-to-face training, overtime, etc. and how much it will cost you to acquire, deploy and maintain the solution for several years (total cost of ownership analysis).

While public procurement laws, regulations, and procedures vary considerably from province to province, there are common principles to follow, as well as principles and practices that Open North recommends you follow.

Fairness towards suppliers

The cardinal principle to be respected in public procurement is to always give all suppliers the opportunity to submit compliant bids on public procurement.

Not doing so − i.e. targeting a supplier directly (by name) or indirectly (through selection criteria targeting a specific supplier) − is considered unethical behaviour that is contrary to this principle and, in several provinces, can even be an illegal practice

Maximize compliant responses

Whether the procurement is a public tender or an untendered procurement, the goal should always be to maximize the number of compliant bidders in order to ensure fairness, promote competition, and reduce costs and risks.

To achieve this, Open North suggests that you follow the following governance principles, if you have not already integrated them into your general procurement policy or your information technology procurement policy:

a. The information technology department is the only administrative entity authorized to make decisions on information technology acquisitions. This means that it is the final authority in the matter, including the public security services.

b. The Information Technology and Procurement Departments are the only administrative entities authorized to meet with actual or potential suppliers.

c. The City is the only organization authorized to undertake consultations with its citizens. This means that the City will not contract out public consultations to private companies.

d. All data produced by the City and its suppliers is the collective property of citizens. This paves the way for proactive disclosure of city data (open data) and measures to prevent the data from being resold to third parties.

e. All decisions regarding IT acquisitions are made after conducting a neutral market analysis [3] (including the open source), a total cost of ownership analysis, and a security analysis. This ensures that acquisition decisions are made based on facts.

Meeting with suppliers, whether before or during the course of a contract, is a delicate operation for public bodies (sometimes regulated by legislation in some provinces) and a number of practices should be followed in all circumstances.

a. Non-Disclosure Agreements

Since cities are public bodies subject to transparency rules for public procurement, they should refuse to sign non-disclosure agreements with suppliers.

b. Meetings or Exchanges With suppliers i. Only a small number of officials designated by the General Manager should be authorized to discuss with or meet with current or potential suppliers. In the case of information technology, they should be procurement officials and information technology architects. ii. Any request for a meeting by an information technology provider (including elected officials) should be directed to the Chief Information Officer. iii. Any meetings or exchanges, electronic or otherwise, between an information technology provider and the City should be documented and ideally published on the City’s open data platform. iv. Never accept or ask a supplier to demonstrate its products. This type of exchange must be framed by a tendering process as it may place the city in a conflict of interest situation.

c. Supplier’s Contribution to the Call for Tenders Drafting

Involving suppliers in the drafting of public tenders is an unethical practice, contrary to open markets (it gives an undue competitive advantage to a supplier) and, in some provinces, potentially illegal.

Where a supplier has participated in any way in an activity or in the preparation of documents that gives it an advantage on a related project, the originator should explicitly announce in the publication of the call for tender or by addendum that such supplier or people may not participate in the bidding process

d. Requests for Information

Cities, uncertain about the level of market response, often issue requests for information to suppliers.

This practice takes time and is of little use.

Instead, after defining the problems to be solved, we suggest that you conduct neutral market watches to find out the suppliers response capacity.

Public procurement of information technology and the different business models of the private sector are extremely complex. Thanks to its numerous exchanges with Canadian municipalities and its network of researchers, Open North recommends that you follow the practices below in your public contracts, and of course have them written by your lawyers.

a. Primacy of Local Law

Suppliers licensing agreements, including foreign suppliers, often provide that disputes relating to contracts be heard in the supplier’s country. It is therefore prudent to include contractual provisions that ensure that the courts of your province have jurisdiction.

Similarly, it is important to provide that in the event of a dispute, your contract will take precedence over your suppliers’ license agreements.

b. Dispute Resolution Provision When you acquire a solution or services, it is important to include contractual provisions describing precisely how conflicts are to be resolved (deployment, installation, resource allocation, quality of vendor resources, vendor performance evaluation, etc.).

c. Protection of Privacy

The protection of citizens’ privacy and personal information has become a hot topic and the notion of citizens’ personal information has broadened to include all biometric data concerning them.

Cities must now consider not only the personal data they hold on their computer systems, but also those potentially held by their IT suppliers and subcontractors, as well as non-profit organizations mandated by the City.

Open North recommends that you avoid entrusting any type of personal information to private IT companies; keep everything on your own systems, and strengthen your internal security measures.

The numerous scandals linked to cyber-attacks (LifeLabs, Capital One, cities of Burlington, Stratford and Woodstock) demonstrate the relative usefulness of contractual provisions for the protection of personal data. In this case, citizens’ confidence in government IT infrastructure must be maintained at all costs.

d. Data Hosting Location

We suggest that you include contractual provisions to ensure that data on a supplier’s computer systems are hosted in Canada. This provision should include the vendor’s redundancy IT infrastructure.

e. Intellectual Property and Data Ownership

Intellectual property must be the subject of several contractual provisions to the effect of:

• Ensuring that the supplier and its subcontractors hold all property rights to the software, equipment, and documents they use in connection with their contract.

• Ensuring all documents produced for the City in connection with the contract are the sole property of the City.

For data produced by the City and hosted by a supplier (or a not-for-profit organization mandated by the City), as well as data produced using supplier software and particularly cloud computing software, Open North recommends that you include contractual provisions that:

• Stipulate that all such data is the exclusive property of the City; • That this data may not be accessed, sold, or shared without the written permission of the Information Technology Branch.

f. Public Money = Public Code Increasingly, it is necessary for cities to have vendors develop modifications to their software or to have applications developed, such as computer programming interfaces (APIs) to link systems together.

It is recommended that cities include contractual provisions providing that they remain the exclusive owners of this code. This measure has several useful objectives for cities:

i. They can then release this code under an open source license, thereby encouraging the local IT industry and reducing contract handcuffing;

ii. They promote the interoperability of computer systems;

iii. They avoid giving a competitive advantage to a supplier with taxpayers’ money.

g. Anti-Corruption Measures

Legislation to help Canadian cities fight corruption and collusion in government procurement varies widely from a province to another, with the most comprehensive having been adopted in Quebec. In addition, offices of the inspector general [4] have been created in some cities with the power to cancel suspicious municipal contracts. In terms of public contracts, the first effective control measure is the publication of open data on public tenders and contracts. This data should include [5], as a minimum, the following information:

• The execution performance of the contracts awarded; • The unit prices of goods; • The risk analyses; • The expense evolution related to each contract.

Cities should also consider the inclusion of basic anti-corruption [6] and conflict of interest clauses in their tenders.

h. Proposal Evaluations The evaluation of bidders’ proposals should always be detailed in a call for tenders and leave as little room as possible for subjectivity. Here are some useful practices you can follow:

• Evaluate the conformity of the bidders’ response based on neutral functional and technical criteria (international standards). Limit the number of mandatory (elimination) criteria. Do not include software names. • Give maximum score to the quality of proposals (level of response to the criteria) rather than just the price. • Do not use complex scoring systems for criteria. They should only be either mandatory or optional, the latter having a value of 1 point. • Set the threshold for passing the optional criteria at a minimum of 70%. [7] • When creating your selection panel, avoid including the people who wrote the call for tender. • Rather than asking suppliers for demonstrations:

i. Write and integrate scenarios based on your evaluation criteria into your call for tender to verify their technical assertions;

ii. Ask vendors for access to their software;

iii. Form a technical committee to evaluate the veracity of the suppliers’ claims to the selection jury.

• Conduct implementation pilots (paid for by the City) for certain large-scale, high-risk projects; the success of these pilots is conditional on the full call for tenders awards. • Never ask a supplier to help you write a call for tender. • Never use tender templates provided by a supplier.

i. Publication of Public Offers

Ensuring that your tender is seen by potential suppliers is one more way to foster competition, reduce risk and price, and avoid having only one compliant supplier, which often forces cities to start their tendering process from scratch.

If all cities are obligated to post their tenders on provincial procurement platforms, there are three ways to increase the visibility of your tender after it has been posted:

• Publish your call for tender on specialized free distribution platforms (e.g. MERX). • Send a notice (separately) pointing to your tender to suppliers identified by your Market Watch. • Translate your tender into English or French. If applicable, you must indicate which version has legal value.

j. Strategic Procurement Considerations

i. Procurement Strategies The context of information technology and international relations is in constant evolution.

In recent years, several governments have adopted “cloud-based first” or “open source first” information technology procurement strategies.

Open North believes that such strategies are inappropriate for governments, particularly because they often limit access to government procurement to entire industries and deprive governments of solutions that may be better suited to particular contexts.

Open North believes that the only sound public procurement strategy is to focus on meeting the needs of citizens and to use any technology that can best meet those needs.

ii. Mission Critical Systems Security problems (phishing, ransoming, data theft, denial of service attacks, sabotage, etc.) experienced by suppliers are endemic. We strongly suggest that cities, as part of their procurement strategies implementation, carefully analyze the risks of entrusting third parties with the operation of IT systems that enable them to carry out their critical missions to citizens, for example:

• public safety systems (911, dispatch, etc.) • urban navigation and traffic systems; • lighting systems; • municipal plant operating systems; • power generation and distribution systems; • building management systems; • sensor management systems (Internet of Things).