Microsoft’s whole-of-government sourcing deal has swelled to more than $800 million, including more than doubling in the last two months, despite the US giant not yet receiving the newest security clearance required for whole of government and sensitive data services.
The company has not yet been certified under the federal government’s new Hosting Certification Framework, a controversial data sovereignty scheme that requires companies to pass tough security checks and to compensate the government if their actions require a re-platforming.
But this has not stopped government departments and agencies buying Microsoft products and services in ever increasing volumes under the arrangement.
The Microsoft volume source agreement is delivered through Microsoft licence seller Data#3 and its contract with the Digital Transformation Agency (DTA).
The agreement allows multiple government agencies to use common Microsoft applications and security services. It has now ballooned to more than $800 million, more than eight times its value in 2019 when it was last reissued by the DTA as more agencies and work orders are added.
The contract more than doubled in late September with a $490 million amendment that extended the arrangement for another three years at a higher rate. The current arrangement is now worth $807.5 million over six years.
The amendment, which represents increased use of Microsoft services across government, came after the introduction of the federal government Hosting Certification Framework (HCF).
The HCF was introduced earlier this year and in June government agencies were told they must use a HCF certified provider for any sensitive or whole of government data services.
Only 10 providers have received certification so far, with Microsoft a notable absence from the first tranche of cloud providers added last month.
Microsoft was understood to have been finalising its clearance at the time, but more than a month later it is yet to be awarded either of the clearance levels: Certified Assured or the higher Certified Strategic.
InnovationAus understands official certification is still underway and remains likely. Microsoft declined to comment on its certification progress or how the new regime impacted its sourcing deal.
The HCF requires any PROTECTED level data or whole of government systems to be hosted in certified facilities and run by certified providers, including cloud providers and systems integrators.
A lack of certification could potentially rule Microsoft out of consideration by agencies, which are required to assess if the data services they purchase require a certified provider.
“The [volume source agreement] is a whole-of-government sourcing arrangement for Government agencies to use when procuring Microsoft software and services,” a spokesperson for the Digital Transformation Agency said.
“Government agencies will continue to determine their need for certified hosting services based on the sensitivity of their data holdings.”
Asked whether Microsoft needed to be certified under the HCF to provide sensitive data and whole of government services through a volume source arrangement, the spokesperson would only say certifications are continuing.
“The DTA continues to certify providers against the Hosting Certification Framework and will update the website as additional providers become certified.”
Do you know more? Contact James Riley via Email.