With the Queensland Information Technology Contracting (QITC) framework now well established, it is timely to look at the some of the key issues that can arise for government in using the framework.

Service level agreements (SLA) can be tricky for customers – it is common for them to be included in a contract, but then not measured, and for any service credits not to be claimed. However, a good SLA can be the main tool to ensure good supplier performance in the contract's operational phase, which is especially critical given contracts are often being extended for longer periods.

The key to a good SLA is to keep it simple – identify one to three key KPIs specific to the project to measure and apply credits to, have a credits regime that escalates as the performance gets poorer, and include termination rights as a final remedy. As part of this, the customer needs to ensure a significant amount of the relevant fees are at risk.

Specifications and requirements remain an ongoing challenge. It can be hard for government to document its requirements in detail – often these evolve throughout the project. But these documents, whether available at the start or down the track, are key to setting the appropriate bar for the supplier to reach, especially if acceptance testing is part of the project.

Acceptance testing remains important for customers to ensure that they are getting what they need and will be paying for. Suppliers often claim that this is not required, especially for off-the-shelf software, but customers should resist these arguments. Good quality products and services should have no problems passing reasonable acceptance testing.

Cyber security is a growing challenge for all customers and the contractual requirements for supplier security are ever increasing – from a paragraph or two a few years ago, to potentially a few pages in some contracts now. While the QITC does contain various requirements in relation to security, it may be necessary to supplement this – such as with additional clauses, reference to relevant customer or other standards, and including a requirement for cyber security insurance in the additional insurance provisions.

Customers should also clearly describe the commercial details they have agreed upon with the supplier. Clear pricing details (broken down into individual components as necessary) and payment arrangements need to be set out in the schedules. Customers need to consider and try to avoid paying too much ahead of delivery. This can be particularly tricky if third-party software providers are involved and are seeking payment for the software from the start of the contract, even though the customer may not be actively using the software during the implementation phase. Pricing should also clearly cover any additional items that may be required, and any potential increases so that the customer has cost certainty throughout the contract term (including extensions).

Customers should also be mindful of their obligations as these can often lead to delay claims or variations from suppliers. For the most part, the contract is about the supplier providing a product or service and the customer paying for it. As such, other obligations on the customer should be relatively limited and very specific.

Finally, a good contract is of no use if it is not properly managed. Any significant contract (whether it involves high risks or value) should have proper contract management processes in place. These processes may include the development of a contract management manual, management of key dates (particularly end of term and extensions), briefings for the operational team on key contract features, and careful management of any variations.

This publication does not deal with every important topic or change in law and is not intended to be relied upon as a substitute for legal or other advice that may be relevant to the reader's specific circumstances. If you have found this publication of interest and would like to know more or wish to obtain legal advice relevant to your circumstances please contact one of the named individuals listed.