The federal government outsourced more than $5 million of technology work to manage its international travel exemptions for one year, including large IT contracts where only a single provider was considered.
Multinational partners Fujitsu and ServiceNow received contracts together worth more than $5.5 million in March last year for a platform that houses Home Affairs’ Travel Exemption Portal (TEP).
Australian firm Service Potential is managing the portal as part of an ongoing $7 million contract with the department, which says data access is restricted to Border Force staff and approved users.
Since March 2020 Australia’s borders have been shut to non-citizens and non-residents in an effort to reduce the transmission of the coronavirus. A 14-day isolation is required for citizens, residents and others deemed exempt for compassionate reasons or to provide “critical services”, while outbound travel has also been restricted.
The TEP was set up by Home Affairs at the time as a database to manage exemption applications and associated data.
The database was established through a small deal with US software vendor ServiceNow but quickly followed multimillion dollar contracts to establish a platform for it to run on and contractors to run it.
Details of the outsourcing arrangements were outlined by Home Affairs minister Karen Andrews last week in response to questions from Labor about how travel exemption data was being managed.
In mid-March last year, Home Affairs began an initial $1 million contract with Service Potential, a Canberra-based firm marketed as the only dedicated Federal Government ServiceNow Partner in the country.
Two weeks later the Department began a separate $3.7 million contract with Fujitsu, another global partner of ServiceNow. The multinational cloud vendor was the only company approached for the work because it is the only endorsed ServiceNow cloud provider at the Protected security classification level, according to the Minister’s response.
A small deal for a software module specifically for the TEP was formally signed with ServiceNow a month later for $87,000.
Over the following 12 months, Fujitsu’s contract increased in value to more than $4.5 million while ServiceNow’s jumped to 10 times its original value as the contract was extended and amended multiple times as borders stayed shut.
Service Potential’s original $1 million contract has been extended until 2022 and ballooned to more than $7.4 million. It continues to cover support for the TEP as part of a range of professional services its provides the department.
A Home Affairs spokesperson said the Service Potential and Fujitsu contracts were in place before the TEP was established and cover “various functions” within the department.
“Home Affairs engaged Fujitsu and Service Potential for their respective contributions to the Travel Exemption Portal under contracts that were already in place with those companies for the general development and administration of the ServiceNow platform for the Department.”
Fujitsu’s contract was amended five times to increase contract value and length, ending in March this year. A new 14-month contract with the multinational was signed days later for $9.7 million. The new contract covers the platform for the ongoing TEP and has been increased in value twice.
Service Potential’s contract has been amended eight times and is currently in place until June next year.
The contract with the software vendor, ServiceNow, ran for a full year but has not been renewed or replaced because it was “only for implementation, which has been completed”, the spokesperson said.
Labor also sought answers from the Home Affairs Minister on the security and privacy of application data being collected through the TEP.
According to her response, the data is held consistent with the Protective Security Policy Framework and Information Security Manual, in a sovereign data centre consistent with the government’s Hosting Certification Framework.
Fujitsu has had its data centres in Western Sydney and Homebush certified “Strategic” — the highest level under the Framework – but only achieved this level in June this year.
“Data is stored on the ServiceNow cloud which is classified Official:Sensitive,” Ms Andrews’ response said.
“These data centres are based in Australia. System data is restricted via system roles, which must be granted by the Department and can only be accessed by Employment Suitability Clearance cleared staff.”
Personal information collected can be disclosed to other federal and state and territory government agencies, law enforcement and contracted service providers and airlines. But “no travel exemption data is transferred to an external firm”. In house Border Force staff also have access to the data as part of their role.
Do you know more? Contact James Riley via Email.