Sean Boots

Technology, public services, and people. But mostly people.

Paying for low-cost cloud services on a departmental credit card

It’s really useful and it just got easier

One of the themes of this blog is that access to modern tools has a huge impact on public servants’ productivity and effectiveness. This is true for public servants all across government departments, not just those that are working in explicitly “digital” teams and roles.

There are a lot of online tools available today – for team collaboration, for communications, for data analysis, for software development – that historically haven’t been easily available to public servants. This has changed for the better over the past few years, and the pandemic (with many public servants working from home) has illustrated just how critical these tools can be.

For Canadian federal public servants, one major improvement was the 2018 policy notice issued by the Office of the GC CIO, stating that departments should unblock access to online services and “enable open access to the Internet for GC electronic networks and devices”. Access to online tools is now, for most departments, much more straightforward than it used to be.

But, there’s been one long-standing hurdle to public servants adopting online tools: how to pay for them. Fortunately, as of this past week – thanks to the release of the Directive on Management of Procurement – this just became significantly easier.

Why paying for online services matters

Many online services (particularly those aimed at a consumer market) have free tiers, which let people try the service out with limited functionality without paying. Since the 2018 policy notice, this has been the norm for a lot of government teams – they can set up a new service in minutes, using a free tier. On the other hand, getting approval from internal IT or procurement groups to actually pay for the same service could take months or years. For low-cost services, the public servant staff time needed to complete the procurement process could cost close to, or more, than the service itself.

Companies providing online services, in turn, by and large aren’t interested in government procurement or invoicing processes. When the cost of their services (for, say, a small team) is $30 or $100 per month, dealing with a government purchase request, getting custom terms legally reviewed, and sending traditional invoices – the activities normally needed to pay for software in government – is an order of magnitude more expensive. These companies all have better things to focus on, namely their thousands or millions of non-government customers, and they’ll often only accept payment by credit card.

Although free tiers are a great way to try out a service – and to see if it meets a team’s needs – it’s usually super valuable to switch to a paid tier as soon as you possibly can.

Paid tiers of online tools typically add a wide range of important security, user management, and data export features. For government teams using these tools, these are often really critical:

  • Free tiers of collaboration tools like Trello don’t have overarching user management options, so if an employee leaves your team you need to ask them to manually remove themselves from your organizational Trello account. Imagine if an employee were to leave under less than happy circumstances – it would be messy. User account handling tends to be much more robust on paid tiers than on free versions of services.
  • Free tiers of services like Slack limit access to older messages, once an organization’s Slack history reaches a certain size. If teams don’t upgrade to a paid tier, they wouldn’t be able to comply with Access to Information requests or other information management activities that apply to older messages.
  • Important security features like multi-factor authentication, single sign-on, and activity audit logs are often only included in paid tiers of services. These are all security protections worth adopting as soon as you can.

All told, paid tiers of online services are lower-risk than free tiers from an organizational and security standpoint.

Traditionally, though, departmental procurement and financial divisions have been reluctant to allow teams to pay for online services with a departmental credit card (credit cards being, again, the only way to pay for them).

One barrier that would frequently come up is the 2013 Policy on Decision Making in Limiting Contractor Liability in Crown Procurement Contracts. According to that policy, only the deputy minister of Public Services and Procurement Canada could accept commercial terms that limit vendors’ liability to the government if things go wrong. That, in turn, was frequently interpreted to mean that government teams couldn’t accept the standard click-through terms of use for online services, which almost always include liability provisions. (For example, that the service provider is only liable for the cost you as a customer paid in the past 12 months.) This left teams with two unappealing options:

  • Asking the deputy minister of PSPC if your team could spend $15/month on Trello and accept Trello’s standard terms and conditions. Not exactly a viable option.
  • Asking the provider to sign a Government of Canada-created and negotiated contract agreement. Given the length and complexity of a typical GC contract, the provider’s legal costs for reviewing the contract would far exceed the $15/month revenue.

Bring on the new directive

Fortunately – after years of work – the new Directive on Management of Procurement is now published and active.

One of the key parts of the new Directive is that it officially deprecates the 2013 policy on limiting contractor liability. 🎉 It replaces it with an appendix titled Mandatory Procedures for Limitation of Contractor Liability and Indemnification in Contracts. The bulk of that appendix is focused on larger scale categories of procurements (commodity groupings) – for example, Shared Services Canada setting up multi-million-dollar cloud infrastructure contract vehicles.

But (and this might be my favourite part of any TBS policy appendix!) it includes the following section on low-dollar-value services:

In the absence of a viable existing commodity grouping, where appropriate, accepting standard commercial terms and conditions related to the limitation of contractor liability associated with low-risk and low-dollar-value goods and services, including subscriptions, software, mobile applications, cloud services and open source software. (B.1.1.4, emphasis mine)

This means that government teams can accept the standard terms and conditions of low-cost online tools. It’s a small thing on paper but the impact on teams striving to work in modern ways is going to be huge.

This is also a big win for small and medium-sized software and software-as-a-service companies, including Canadian ones. It gives departments access to services that previously required the provider to sign a Government of Canada contract, which can be confusing and difficult to navigate for small businesses that aren’t accustomed to government procurement processes (compared to, of course, large IT companies who have whole teams dedicated to winning government contracts!).

How do we actually pay for a service, though?

This is a question that comes up a lot! For federal public servants in typical departments, the answer is:

  • Find someone on your team with Section 32 financial signing authority (typically a director or director-general role) who can say “I approve this purchase” in an email thread about a particular service.
  • Find someone with a departmental acquisition card (typically an admin person) who can actually pay for it, on a monthly or annual basis. (Getting a departmental acquisition card involves a non-trivial amount of mandatory training and approvals!)
  • Make sure that the person with the departmental acquisition card has a copy of the “I approve this purchase” email so that they can handle the credit card reconciliation process every month, or whenever credit card charges take place. (This is a genuinely painful amount of paperwork; admin people are heroes.)

This all depends, of course, on the cost of the online service being below the competitive bidding threshold for services (currently $40k), as well as being below your department’s per-transaction credit card limit (which varies from department to department).

There are still a lot of other things to think about (for example, security considerations for anything other than unclassified data; accessibility considerations for both internal colleagues and members of the public, depending on the use-case; ways to export your data to avoid vendor lock-in). But, paying for a paid tier is a really important initial step.

Considerations (hat tip fellow policy wonks!)

The Directive is newly-published, but adds the flexibility that teams have been seeking for a long time. More guidance will probably come out in the future to help answer questions people might have about it. In the meantime, here’s a couple of considerations to keep in mind:

  1. Read all the terms before clicking “accept”. When you accept commercial terms, you are entering into a contract. Commercial terms may offer “best effort” protections for data recovery and may share data with third-parties. This isn’t to say you shouldn’t use a service, just know what you’re going into and make your usage proportional to the terms offered.
  2. Section B.1.1.4 is focused on low-value and low-risk software and subscriptions. “Low” isn’t quantified in the directive. $15/month Trello safely falls into this category, but when the buy is in the tens of thousands of dollars, it’s probably time to start thinking of negotiated terms instead of commercial terms. As you start committing more precious information or processes to a service, you will want tighter terms between you and the supplier. Fairness and competition also becomes a factor as the value increases.

All that said: you learn the most by trying something. Choose a low-cost online service that might speed up your team, and go for it! If you run into issues, check out Should it be blocked in my department? for some extra tips on getting started with online services in government settings.

What’s next?

One thing I’d like to see in future procurement guidance is clarification on how to apply competitive vs. sole-source thresholds to recurring subscription services over time – for example, if you were using a service that cost $10k per year, would you then, after four years, have to competitively procure it when you pass the $40k point?

Procurement folks that I’ve spoken to have shared different perspectives:

  • One view is that, with a monthly subscription (for example), the service is “delivered” and used each month. Because each month is a separate, complete deliverable, this doesn’t constitute contract-splitting (which would be, breaking a deliverable into smaller, incomplete pieces in order to fit below financial approval or reporting thresholds – like receiving half of an expensive bridge this fiscal year and the other half next fiscal year, as two “unrelated” contracts).
  • The other, opposing view is that the cost of services should be considered over the lifetime of the program that they’re procured to support (programs being, for example, “providing employment insurance to Canadians”). Under this view, teams would invariably need to competitively procure a given service eventually, once its cumulative total cost crossed the threshold.

I’m convinced that the first view is a stronger argument, but, of course, I’m biased since it leads to more public service teams being able to use modern online services more easily. The clarification I’d like to see – that finds a nice balance between both viewpoints – would be to apply the competitive bidding vs. sole-source threshold over a 12-month fiscal year basis. Under that approach, as long as a given service doesn’t cost more than $40k per year, you wouldn’t need to competitively procure it, even if you ended up using it the following year as well.

The takeaway for policy writers is: always attach time ranges to your financial thresholds! You’re welcome.

To unsung heroes

TBS’s Office of the Comptroller General – which published the new Directive on Management of Procurement – did phenomenal work to bring it out the door. Changing procurement policies is not a glamorous part of making government better, but it is so critical. There’s so much more to do, but in just a few sentences this Directive update solves an issue that public service teams have faced for years.

To Danielle, Daphné, Mark, and so many others at OCG, and to Scott and Sarah at OCIO who helped push this forward, you’re all awesome. Keep on rocking.