ICT Procurement: tips and traps


Good technology is fundamental to your business. There are many ICT products on the market but often they are only as good as the relationships and contracts behind them. Entering into a one-sided supplier contract can significantly diminish your subsequent contractual rights and might leave you without compensation if the product or services fail to deliver. Developing your own suite of templates, or using a government template is always a good starting point as long as the procurement team have been trained in the use of the template.

A complex web of contracts

There are a wide variety of ICT contracts. Some examples are listed below:

  • hardware supply and maintenance agreements
  • simple licence agreements (for off the shelf or open source software)
  • licence and maintenance agreements (where no customisation or configuration is required)
  • complex development, licence and maintenance agreements (where customisation or configuration is required)
  • software as a service agreements (where software is hosted and accessed via a web browser and involves all customers using the same version of software but with the ability to set configuration options)
  • maintenance agreements
  • hosting agreements (where the software and client data is being hosted off–site)
  • consultancy agreements (such as for website development)
  • implementation planning study agreements.

Even within these categories there are many of sub-categories: reseller arrangements, enterprise licenses, pick and mix licenses and single application licenses.

Scope of works

The scope of the ICT works should be clearly articulated at the outset of any major procurement. Important questions include:

  • what does the business require now and in the next 5-10 years?
  • what model of service is the best fit with your existing infrastructure and service needs?
  • what are the high-impact operational risks and how can they best be treated?

If you are not at a point where the scope of the works and deliverables can be sufficiently defined in a contract, then you should consider undertaking an implementation planning study prior to procurement. Leaving a number of key matters, such as deliverables, milestone dates and associated pricing, to subsequent agreement creates significant operational risks. While it may seem innocuous to agree to agree in good faith, such understandings do not create enforceable obligations and are only acceptable where the contract includes a right to terminate the contract early (without penalty) if those matters cannot be agreed. These termination provisions are rarely acceptable to suppliers as they create a high level of commercial uncertainty.


Depending on the complexity of the proposed arrangement, you can either purpose build a contract or use your own templates or government templates such as the eServices Contract.

If you are using a template it is important to use the current version sourced directly either from your template system or a government website and to cite the version number. Versions used in other procurements, even with the same supplier, may have been amended in a way that is not readily noticeable. To avoid this confusion, it is also prudent to make all amendments in a schedule.

There are usually a significant number of decisions that a template leaves to be negotiated in each contract through the use of an individual order contract or a contract variables document. These decisions range from the specification and scope of works, to system uptime, the status of third party contracts, liability caps, and the treatment of updates and upgrades, to name just a few. Using a template will not avoid the need to negotiate these terms for each contract as they are context specific.

Some common risks in ICT contracts

Some of the common risks in ICT contracting are as follows:

  • Using supplier contracts – supplier contracts are drafted to protect the supplier and in many instances seek to limit liability to an unacceptably low level.
  • Limitation of liability and liability caps – template contracts will usually exclude any limitation of liability for damages relating personal injury and property damage as well as breach of third party contracts. However, there will usually be capacity for suppliers to negotiate liability caps for contractual damages and some kind of consequential loss exclusion. Liability caps sought by a supplier should be taken into account in evaluating supplier tender responses. Often pricing will be based on a particular liability position taken in a supplier’s contract and therefore it will be difficult to negotiate after the tender is awarded.
  • Consequential loss, loss of use and loss of data suppliers often seek to exclude liability for consequential loss, loss of use and loss of data.

Recent Australian cases have broadened the test for ‘consequential loss’ so that it may now include losses that would previously have been considered to be direct losses, such as, liquidated damages for delay. If a consequential loss exclusion is to be negotiated it will be important for you to consider the categories of loss that may arise from a breach and specifically carve out those you do not wish to see excluded, such as loss of data.

  • Security – with the increasing popularity of ‘software as a service’ arrangements in which data is hosted off-site, precautions and planned responses addressing issues such as, encryption, back-up and data breach procedures, should be built into the contract. If you are an entity for the purposes of the Privacy Act 1988, the new Notifiable Data Breach Scheme (NDB Scheme) will apply from February 2018. Contracts should require compliance with the scheme and a protocol for managing notification.
  • Reseller arrangements – many maintenance and support contracts will include reference to third party software. The contractor will be a reseller. It is important that the terms of the contract which refer to third parties and sub-contractors are well understood, and that the supplier’s obligations are transparent. For instance, are the response times those specified in the RFT and tender response or are they overridden by third party contract terms?


Many ICT contracts are high value and represent a high operational risk to your organisation. Prior to commencing a procurement it is important to have a comprehensive understanding of the current scope and future development of the product and services as well as the key operational risks and the third party arrangements that it may entail. This will allow you to choose the right contract template, request completion of the correct schedules, and enter into negotiations with a well-considered risk tolerance and treatment.

If you have any questions arising out of this article, please contact Sarah Caraher on (03) 9865 1334 or email sarah.caraher@healthlegal.com.au.

Share this post

Ready to get in touch?