This is not a bid solicitation. Canada is seeking feedback from the Industry with respect to No Charge Licensed Software....The following are the criteria described in the RFI that would be used in acquiring of Open Source Software:
Canada has a Request for Information (RFI) related to No-Charge Licensed Software (typically referred to as Free and Open Source Software or FOSS and also applicable to freeware)....
The purpose of the RFI is to help the Government of Canada (GC) put together guidelines related to the planning, acquisition, use and disposal of No Charge Licensed Software (NCLS). While there is already significant interest for No Charge Licensed Software within the Government of Canada there are many questions being asked, see below. There exists operationally a requirement to produce common guidelines that are fair, open and transparent and can be applied consistently across departments....
- In the Overview, the Crown provided a definition for No Charge Licensed Software. Is this an appropriate definition?
- What are reasonable criteria that the Crown should consider in a decision process for acquiring No Charge Licensed Software? Are there circumstances in which the acquisition of No Charge Licensed Software would not be advisable?
- How should existing Government Furnished Equipment, Services, Service Level Agreements and internal resources be considered when evaluating the usage of No Charge Licensed Software?
- How practical is No Charge Licensed Software? Are there hidden costs that need to be considered as part of the process of evaluating the alternatives available?
- Are the general financial, technical and security risks associated with acquiring and using No Charge Licensed Software?
- Do Open Standards and interoperability factor into evaluation considerations?
- Does the technology factor into the evaluation consideration, such as ability to maintain and evergreen?
- Does the Crown evaluate the flexibility of the licensing models for No Charge Licensed Software?
- What impact will No Charge Licensed Software have on Government Licensed End-User Networks (http://software.tpsgc.gc.ca//catalogue/index-e.cfm)
I would encourage those in the Open Source community and industry to participate in this interesting RFI.
- Architectural Review and Approval: This involves the applicable Enterprise Architecture group reviewing the product to ensure that it:
- Is appropriate for the use specified in the request
- Works well within the technical environment
- Does not violate or overlap with any existing standards
- Financial Risk Assessment: Per Treasury Board Secretariat direction, the use of No Charge Software (particularly Free and Open Source Software) requires the completion of a financial risk assessment. The financial risk assessment must consider the risk exposure per year against the financial benefit. Depending on the level of risk involved, approval of the risk assessment will be required by:
- The applicable Senior Financial Officer or delegate - for substantive risk
- The business owner of the impacted or system - where risk is non-substantive
- Justification of No Charge Acquisition - A Procurement Officer must review the justification for acquisition of No Charge Software, for clarification and as due diligence for the validity of reasons and that they will stand possible future scrutiny.
- Investigation of Security Risks - Given the potentially heightened security risk of downloadable No Charge Software, the appropriate IT Security Officer must investigate and approve No Charge Software before it is approved for use. In particular, the security assessment will assure that the product does not contain viruses, malware or other means for an attacker to compromise the GC or departmental environment.
- Software License Review - Due to the diverse nature of licence models associated with No Charge Software, a review must be conducted to identify potential legal/policy impediments for the GC in agreeing to a particular licence agreement. The intent is to accumulate a list of acceptable licences (including popular ones such as GPL, LGPL, Apache etc.) so that a particular license model would only have to be examined once across the entire GC.
Thanks to Russell McOrmond for pointing this out.