CVHL is a one stop source of health information resources, as such, the primary functional requirement was a library-like cataloging system. Canadian Virtual Health Library (CVHL) came to OpenConcept Consulting Inc. with an outline, a list of requirements, and a budget.
Gathering Input About Government Procurement of Open Source Software
By Mike Gifford
I attended an excellent talk last night about GCPedia that was presented by Jeff Braybrook, Deputy Chief Technology Officer for Canada at a Third Tuesday Ottawa Gathering. It was excellent to hear more about the history of the adoption of the open source tool Mediawiki within the Government of Canada. Jeff described Canada's CTO office as being "Hawkish about open source", and wanting to use it as much as possible. At a time when procurement officers and IT departments are still questioning whether or not open source can be used within government, this was great news.
His view that wiki's would become as integrated in the government workplace as the phone and email were very refreshing too. Grabbing notes off of Joseph Thornley's Tweet, "Jeff Braybrook wants to open source not just because it is cheap - but also for its mentality: participation; cooperation; standards." Doug wrote up a detailed post about the event here in his blog.
After writing this post I've been sent a number of interesting links that I thought were very important to point out. The US Department of Defense has set up a Forge.mil project to promote open source development within the US military. When looking at procurement of open source within the government, we really have to look at Europe. Three really solid sites that the Canadian government should be looking towards are previously OSOR.eu - supporting and encouraging the re-use of publicly-financed Open Source Software developments, FLOSSPOLS - Free/Libre/Open Source Software: Policy Support, and Public Sector OSS - the European Commission's DG Information Society and Media
On a related note, a client of ours pointed us to the MERX listing that PWGSC added to gather information on how to obtain open source in Government. I'm not sure how many people will see it, as lots of open source folks don't use MERX, but do have an interest in seeing the government apply this well (even just as tax payers). I pulled the relevant questions out of the 7 page PDF and created a simpler questionnaire about government adoption of no charge licensed software. There is also a wiki response that folks can contribute to.
There's an Appendix to this document that I'd also like to see feedback on. Please address comments on this Appendix directly to this post.
Appendix B – DRAFT Guidelines - Decision Process for acquiring No Charge Licensed Software Draft proposed Process description The process begins with a request from an application delivery group or end user to use a particular piece of software. Depending on the nature of the acquisition (specifically, whether or not the acquisition involves a cost greater than $0), the process proceeds either through a conventional procurement workflow (not detailed here) or through the "No Charge" acquisition process. The No Charge process consists of five concurrent streams of activity, each of which is critical to the successful acquisition, management and integration of the software within the GC or departmental environment. These five streams consist of the following: 1. Architectural Review and Approval – This involves the applicable Enterprise Architecture group reviewing the product to ensure that it: - Is appropriate for the use specified in the request - Works well within the technical environment - Does not violate or overlap with any existing standards. 2. Financial Risk Assessment – Per Treasury Board Secretariat direction, the use of No Charge Software (particularly Free and OPEN SOURCE Software) requires the completion of a financial risk assessment. The financial risk assessment must consider the risk exposure per year against the financial benefit. Depending on the level of risk involved, approval of the risk assessment will be required by: -The applicable Senior Financial Officer or delegate – for substantive risk -The business owner of the impacted or system – where risk is non-substantive 3. Justification of No Charge Acquisition - A Procurement Officer must review the justification for acquisition of No Charge Software, for clarification and as due diligence for the validity of reasons and that they will stand possible future scrutiny. 4. Investigation of Security Risks – Given the potentially heightened security risk of downloadable No Charge Software, the appropriate IT Security Officer must investigate and approve No Charge Software before it is approved for use. In particular, the security assessment will assure that the product does not contain viruses, malware or other means for an attacker to compromise the GC or departmental environment. 5 Software License Review – Due to the diverse nature of license models associated with No Charge Software, a review must be conducted to identify potential legal/policy impediments for the GC in agreeing to a particular license agreement. The intent is to accumulate a list of acceptable licenses (including popular ones such as GPL, LGPL, Apache etc.) so that a particular license model would only have to be examined once across the entire GC. Some of the most significant legal/policy concerns would include: - No warranty or limitation of liability, the imposition of flow-through obligations to 3rd parties, and obligations that the Crown indemnify licensors or 3rd parties. - ownership of data manipulated/stored with the product - limitations on the use of the product conflicting with GC or departmental intent -instances where the Government of Canada could be obliged to pay the creator. If all five approvals are received, then the software can be installed on the appropriate environment(s), be they servers or desktops. The same change management and deployment processes apply as to software that has been acquired through conventional procurement.