- Directions and priorities
- Roadmap
- Access to government services
- Access to government data
- Services to government employees
- Aligning agency applications
- Standardising enterprise applications
- Defining and reusing authoritative data
- Integrating workflow across government
- Unifying communications and networking
- Securing government information
- Aligning management of commodity software
- Building operational foundations
- Roadmap Overview Key
- Programme
- Common capabilities
- Resources
- COE Reference Architecture
- Benefits Realisation
- Checklist for agencies
- Enterprise Architecture
- Communication technologies
- Information and data
- Procurement and ICT contracts
- Trust and security
- Standards / compliance
- Agency Guides
- Government Use of Offshore ICT Service Providers
- Executive Summary
- Introduction
- Background
- Risk Management Approach
- Discussion of key risks
- Big picture risks
- Trust and public confidence risks
- Control risks
- Governance, management and project risks
- Economic risks
- Business continuity risks
- Security and integrity risks
- Privacy risks
- Legal, jurisdictional and commercial risks
- Fiscal risks
- Summary of key risks and mitigations
- Some topics to discuss with your legal advisors
- Resources
- FAQ
- Glossary
- NZGOAL
- Open source
- Overseas Hosting Risk Analysis
- Participation
- Government Use of Offshore ICT Service Providers
- Government Cloud Business Case 2011 FAQs
- Pre-2009 research
- Previous e-Government Strategy 2006
- The GCIO
Legal, jurisdictional and commercial risks
It is legally and practically more difficult for a New Zealand government agency or the New Zealand courts to enforce a contract with an offshore service provider, compared to a contract with a local provider. This is to some extent due to the potential difficulty in enforcement of the contract or some intervention by authorities in the offshore provider's home jurisdiction. Furthermore, it may require the government agency to obtain specialist legal advice in that foreign jurisdiction with consequent substantial costs and timeframes.
An aggravating factor may be the existence of foreign laws that override New Zealand's requirements for privacy, security and service continuity. Examples of these include laws that allow foreign governments unrestrained access to the information systems and data within their jurisdiction.
Agencies may also want to be careful to check the financial health of the company with which they are planning to do business so as to guard against the risk of loss of service or investment, and the difficulty in pursuing claims abroad, in the event of the company's bankruptcy, liquidation or other financial difficulty.
Legal and economic risks
- Non-compliance by the offshore provider with New Zealand's legislative requirements - Official Information Act 1982, Public Finance Act 1989, Privacy Act 1993, Public Records Act 2005.
- Subject to laws in another jurisdiction - simple differences in legislation or interpretation of laws, stability of laws, quality of legal system (independent judiciary), differences in standard contracts, choice of law in contracts, venue for disputes, laws affecting data privacy (e.g. US Patriot Act).
- Software licensing risks - unlicensed use of software, outsourcer software needs to be installed on local systems, unlawful distribution of software
- International law implications on commercial contracts
- Costs and difficulty of any foreign legal court action
- Bankruptcy, takeover, merger of or further outsourcing by contractor
- Effort required for maintenance of New Zealand third party support relationships
- Poor or variable outsourcer performance
- Contract lock-in
Example mitigations
- Design contract to cover all eventualities including, where relevant, any unacceptable Terms and Conditions or Acceptable Use Policy in the offshore provider's standard contracts. (see the section on topics to discuss with your legal advisors)
- Where practicable, contract for New Zealand governing law and jurisdiction.
- Check for indemnities that may be inconsistent with Public Finance Act and negotiate them out of the contract or seek Ministerial approval.
- Engage appropriate legal advice for contracts under foreign law
- Consider the value of New Zealand assets of the offshore service provider and whether the existence of those assets is likely to encourage compliance with the contract and relevant NZ legislation.
- Choose country very carefully - perform a risk analysis of host country and, where possible, the impact of likely legislative changes
- Understanding the process, costs, remedies and likely timeframes for litigation prior to contracting.
- Consider alternative dispute resolution mechanisms, being mindful of the forum for such resolution and the nature of any institutional or other mediation or arbitration rules that may be proposed.
- Impose performance and non-compliance penalties.
- Ensure sufficient opportunity exists for early termination of the contract due to poor performance.
- Evaluate what is the best mode of operation with local support providers (e.g. prime/sub-prime contracts)
- Limit scope for further outsourcing by the service provider
- Consider the need for a financial surety and/or performance guarantees
- Investigate insurance options to cover the risk of service provider failure - note that this does not prevent risks to service continuity; adequate disaster recovery, business continuity and early termination arrangements may need to be in place.
- Ensure sufficient financial reserves exist in case of litigation.
Printer-friendly version
Send by emailLatest updates
- SEEMail
- Getting innovation into Government ICT
- Toolkit for Agencies
- Government ICT Update - April 2013
- Open and Transparent Government
- Open and Transparent Government
- All-of-government cloud computing approach
- Invitation to contribute
- NZGOAL Guidance Note 1: Website copyright statements
- NZGOAL Guidance Note 2: File formats
RSS Feed
