The new guidance and standards referred to are embodied in one document entitled ‘Next Generation Networks: Procurement Standards, Guidance and Model Clauses’ (the ‘Guidance’).[1] The Guidance is around 50 pages in total and is split into 7 sections with a structure which broadly follows the stages of the procurement process.
Before considering the Guidance in detail, it is perhaps worth refreshing our memory on the subject matter and looking at some of the challenges which face any organisation (public or private) in the switch over to Next Generation Networks (‘NGNs’) – such challenges are, after all, driving the need for standards and guidance in the first place.
Definition of NGNs
So, what are NGNs? There is a ring of Star Trek about the phrase and there can be similarities: voice, video and data communication all from the one handy package and sometimes it can involve talking to a computer screen more than one might consider healthy…
The Wikipedia plain-English definition is as concise as any: ‘[networks embodying] some key architectural evolutions in telecommunication core and access networks that will be deployed over the next 5-10 years. The general idea behind NGN is that one network transports all information and services (voice, data, and all sorts of media such as video) by encapsulating these into packets, like it is on the Internet. NGNs are commonly built around the Internet Protocol, and therefore the term “all-IP” is also sometimes used to describe the transformation towards NGN’.[2]
There are further distinctions to be drawn between core NGNs and access NGNs, but such details are beyond the scope of this article. BT’s ‘21st Century Network’ or ‘21CN’ is possibly the best publicised example of an operator’s NGN plan but there are several other UK examples.
The concept of IP telephony – or Voice-Over IP (VOIP) as it is sometimes described – has been with us for some time but it is only in recent years that viable commercial solutions have started to appear (many of us will be familiar with Skype for example). As the technology matures and brings with it the potential for new services and enormous cost savings in the longer term through a more competitive marketplace and a move away from the requirement to maintain links to the separate public switched telephone system (PSTN), the public sector obviously cannot afford to ignore NGNs.
There are challenges ahead including those associated with the regulation of NGNs; there are many articles on the regulatory aspects and consultations are ongoing about the current
Challenges and risks with switch-over to NGNs
The Guidance states in the introductory section that: ‘Historically,
These could be particularly acute in the early years of NGNs as the technology continues to evolve and improve, and there could ultimately be many unhappy migrated end-users and lead implementers whose expectations may have been based on hype and who will inevitably be benchmarking sub-consciously against the existing standards achieved by traditional telephony systems.
Some of the principal issues and risks could be summarised as follows:[4]
Cost
Promised cost savings could take some years to materialise – indeed NGNs can currently be very expensive to implement with significant upfront costs and as yet no real economies of scale.
Timing
There is an understandable reluctance (particularly within the public sector where public money and rigorous audit scrutiny are involved) to be a ‘first mover’ to procure new technologies such as NGN. Procure too early and you could end up with inferior technology which you paid too much for; procure too late and you could have missed out on some significant potential cost savings.
Transition
Transitional arrangements could take a long time. Existing telephony equipment has a considerable lifespan and there could be some reluctance to replace a system which is working well, particularly if transitional arrangements will involve supporting and paying for two systems running in parallel.
Knowledge and Support
IT departments within any organisation (including public authorities) tend not to consider support of the telephone system as their primary function and will typically have only a basic knowledge and experience in relation to operation and support of both traditional and IP-based telephony systems.
Reliability
This could be sub-divided into two separate considerations: availability and quality. In both areas, the end-user experience of the traditional PSTN network (at least in the writer’s memory) has been strong. However, with an NGN where voice traffic is competing for bandwidth alongside other classes of data, it will be crucial to ensure that there will be sufficient overall bandwidth (and in particular sufficient bandwidth allocated to the voice class of service) to support a service which will remain available and will provide a consistently high quality service for all classes of traffic.
Security
Security vulnerabilities with IP-based networks have been well documented and there are obviously high standards which require to be met in order to carry government voice and data traffic.
Interconnection
As the Guidance highlights: ‘NGNs inter-connect to form a ‘virtual network’. It is within this virtual network that vulnerabilities in one network could potentially impact on other networks.’
Commercial Factors
Whilst there will inevitably be commercial pressures on service providers to put robust and secure networks in place, there will equally be issues of cost and priority for suppliers that make express contractual protection for the buyer essential. And given the interconnection issues involved with NGNs (see above), it will be important to ensure that all suppliers are obliged to maintain robust networks to ensure no vulnerabilities in the total ‘virtual network’.
Background to the Guidance
Mindful of such challenges, the Cabinet Office’s NGN Risk Mitigation Programme initiated the Next Generation Networks Procurement Standards Project, and the Project identified the need to produce a best practice guide for public sector procurement of NGN technology.
Through the Project, the OGC produced the Guidance in consultation with government departments and industry bodies and this was first publicised by the OGC in a press release on 6 March this year. The press release stated the underlying aim that ‘…public sector organisations should only contract with service providers that have demonstrably invested in robust security and risk mitigation measures’.[5]
The aim is that the Guidance should apply with immediate effect to supplement the existing OGC Decision Map Guidance and Model Agreements for Procurement of ICT Services[6] (‘Decision Map’) in ongoing and future procurements relating to NGNs (or which include an element of NGN technology) as well as to govern the management of existing such contracts which have already been let.
What does the Guidance say?
The Guidance is structured to follow the procurement process from the procurement planning and strategy stage through to award of contract and the operational phase.
Generally, the document re-iterates some of the fundamental procurement principles associated with each stage of the process which will be relevant for most ICT procurement projects. It then goes on to focus on some of the key areas that will be of particular importance in NGN procurements.
In the introduction to the Guidance, it is made clear that the Guidance is not a comprehensive guide to buying telecommunications equipment and services. In particular, the Guidance emphasises the continuing critical importance of ensuring that service specifications and service level agreements/service sanction regimes are comprehensive (for example, in relation to coverage, availability requirements and fault clearance) and carefully thought through, with the assistance of professional and technical advisors where appropriate.
It is also made clear that the Guidance is not intended to be proscriptive or exhaustive, nor is it intended to create an arbitrary ‘pass mark’ in relation to security and risk mitigation issues. Rather, it is intended to be indicative of best practice and used in the context of the particular procurement concerned: in large aggregated NGN procurements, much of the Guidance may be applicable and relevant, but that may not necessarily be the case in smaller scale NGN procurements (or those procurements involving only a minor NGN element).
A summary of what each section covers is as follows:-
· Procurement Strategy – highlights some of the key areas for the NGN procurement planning process eg whether there will be a need to trial short-listed suppliers as part of the evaluation process or whether there will be a period of parallel running with existing telecommunications systems.
· PIN/OJEU Advertisement – provides recommended wording to be included in Prior Indicative Notices and OJEU advertisements, eg featuring clear and early emphasis of the importance of robust risk mitigation and security measures and of confidentiality, integrity and availability of systems.
· PQQ – sets out sample questions and recommended wording for the Pre-Qualification Questionnaire (eg Is the supplier a member of any telecoms industry bodies (eg NGNuk)? Has the supplier provided any specific assistance or feedback to the industry relating to addressing the particular risks and issues associated with NGNs?) There is also some proposed standard wording which can be used to indicate that a high weighting will be placed on responses to questions relating to security, robustness, etc.
· ITT/ITPD/ITN – this section contains good practice tendering guidance and, similar to the section on the PQQ, some suggested demands for suppliers eg Provide an overview of the NGN design and architecture; Detail your risk mitigation and business continuity plans in respect of the NGN services; Outline the physical and technical security measures that would be deployed to protect the network.
· Contract Terms and Conditions – split into two sub-sections, which are respectively intended to provide sample terms and conditions and wording to deal with new NGN-based telecommunications services contracts and those currently being procured on the one hand, and existing such contracts on the other.
· Contract and Supplier Management – lists a number of contract and relationship management principles and issues once a relevant contract has been let – eg ensure that any new security and risk mitigation measures which have been or might be applied to the network are discussed at service review meetings and that potential new risks are identified early; regular review and testing of the supplier’s business continuity plan, etc.
Contract Terms and Conditions
As technology and/or procurement lawyers, it is worth particularly focussing on the penultimate section of the Guidance which contains sample terms and conditions for the project agreement and wording to be incorporated into existing contracts.
Sample clauses for new procurements
The sample terms and conditions provided for future contracting purposes comprise seven clauses entitled:
· Provision of the Services
· Security
· Escrow
· Representations
· Audit
· Suspension of the Services and Step-In Rights
· Definitions and Interpretation
The first thing that is likely to occur to practitioners with a working knowledge of the Decision Map is that these clause headings appear to overlap with some of the existing provisions of the Decision Map model agreements. Indeed, upon closer inspection, there are areas of the subject matter which are very similar. For example, the security clause overlaps with various clauses of the Model ICT Services Agreement including clauses 28 (Contractor Personnel), 40 (Authority Data), 43 (Confidential Information) and 48 (Security) as well as schedule 2.5 (Security) and possibly the Security Policy which it is envisaged will be created pursuant to that schedule too.
Whilst the sample provisions in the Guidance are more targeted at NGN-type services, it is also worth noting that, in some cases, they are significantly more onerous on the service provider than is the case with the equivalent Decision Map provisions. To give just a few examples:
· the service provider must ensure that the strict security requirements are applied to the operator of any telecommunication system over which any communication is transmitted as part of the services under the contract (ie inter-connecting networks):
· the contracting authority seeks wide rights of audit which may extend to suppliers of inter-connecting networks and a range of sanctions (including suspension, termination and the right to re-procure) apply if this is not permitted or an audit uncovers any non-compliance
· the contracting authority can call upon the service provider to prove representations made in pre-contractual discussions to the authority’s reasonable satisfaction and, if the service provider is unable to do so, a range of sanctions (including suspension, termination and the right to re-procure) applies
· the thresholds applying to the contracting authority’s right to suspension and step-in to the contract are lower.
It will be interesting to note the response of the industry to the Guidance in this sort of area, particularly as there are already parts of the Decision Map model agreements to which industry bodies such as Intellect have objected.
The sample clauses in the Guidance are not suitable for wholesale incorporation ‘as is’ into the Decision Map (nor likely any other framework agreements used by contracting authorities). The Guidance states that ‘use of these clauses should be as directed by appropriate legal support’.
Whilst it is understood that there was an imperative to ensure that the Guidance was completed and promulgated as quickly as was reasonably possible, it would be useful in due course for an update to be issued which illustrates how the sample clauses in the Guidance should properly be incorporated into the Decision Map. One way to do this might be by way of an addendum to the Guidance setting out specific required changes to the Decision Map clauses for NGN procurements where the Decision Map model agreement will be used as a baseline. A new version (version 3) of the Decision Map is due towards the end of 2007 and OGC may be considering addressing the issue at that time.
Sample wording for existing contracts
The wording applies in the event that the service provider wishes to migrate to an NGN to provide some or all of the services under the contract. It prescribes that in such event the contracting authority is entitled to require such additional assurances as it deems appropriate from the service provider in relation to security and risk mitigation.
Similar to the above position with new procurements, there is little direction as to how the proposed wording for existing agreements is to be incorporated. This will presumably have to be through the change control procedure, which (depending upon how this is framed) could leave some room for manoeuvre for the relevant service provider.
Conclusion
The Guidance is another brick in the wall being built under the OGC and Partnerships UK banners to try to ensure consistent, responsible and professional procurement of ICT solutions across central and local government. It provides some valuable and targeted guidance in a complex area, which contracting authorities will find mostly helpful and straightforward to apply. However, contracting authorities will have to give some thought to whether – and if so how best – to incorporate the relevant sample contract terms. The prudent contracting authority will seek legal advice here (in the case of the Decision Map, at least until updated guidance which establishes how best to incorporate the sample contract terms into the model agreements is issued).
Although the principles underlying NGNs are now fairly well established, NGNs are a fast evolving technology and it remains to be seen whether the Guidance will keep up with the pace of change.
Callum Sinclair is a Scottish-based Associate in the Technology Media and Commercial Team at DLA Piper
[1] A copy can be found at http://www.ogc.gov.uk/procurement_documents_telecoms_procurement.asp
[2] http://en.wikipedia.org/wiki/Next_Generation_Networking
[3] series of European Directives (2002/19/EC through to 2002/22/EC) which took effect on
[4] Many of these are raised by Adam Westbrooke in his excellent recent article entitled ‘VoIP’ in Computers & Law December/January 2007.
[5] http://www.ogc.gov.uk/About_OGC_news_6915.asp
[6] Version 2 (published in September 2006) is now available from the website of Partnerships UK at http://www.partnershipsuk.org.uk/ictguidance/index.asp