Your arrangements with the multinational company Service-Now and their ongoing email failures
Dear Digital Transformation Agency,
This is a Freedom-of-Information request.
The DTA makes use of the company "ServiceNow", a $216bn market-cap non-sovereign multinational organisation for (at least) the provision of email services, including the delivery of account activation and password-reset one-time emails which contain security codes that expire in 10 minutes. Here is a sample of SMTP headers from one email containing a reset code which expires in 10 minutes (I've removed my real email address):
Received: from outbound91.service-now.com (outbound91.service-now.com [199.91.136.28])
        by esmtp.mydomain.com (8.15.2/8.15.2) with ESMTPS id 4457ns0N2024109
        (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT)
        for <[email address]>; Sun, 5 May 2024 07:49:56 GMT
Received: from relay13.syd100.service-now.com (unknown [10.243.25.53])
        by outbound91.service-now.com (Postfix) with ESMTPS id 4F033181218ED
        for <[email address]>; Sun,  5 May 2024 00:48:37 -0700 (PDT)
Received: from outbound11.service-now.com (unknown [10.249.128.175])
        by fallback-outbound11.service-now.com (Postfix) with ESMTPS id CB16AC029893
        for <[email address]>; Sat,  4 May 2024 16:32:11 -0700 (PDT)
Received: from app130035.syd101.service-now.com (app130035.syd101.service-now.com [10.225.130.35])
        by outbound11.service-now.com (Postfix) with ESMTPSA id 8770E8266581
        for <[email address]>; Sat,  4 May 2024 16:32:06 -0700 (PDT)
Observe:
1. there is an 8-hour delay internally within the "SeciveNow" systems.
2. it ultimately delivers from the IP 199.91.136.28 (which is outside Australia)
Be aware that the FoI act does NOT restrict my questions to "documents" (e.g. "information" encompasses any paper or other material on which there is writing, a mark, figure, or symbol, electronically stored information, maps, plans, drawings, photographs, and any article from which sounds, images, or writing can be produced).
My requests are as follows:-
1. How long has the DTA been aware that emails they send out that contain security codes which expire in 10 minutes, are taking more than 10 minutes to arrive? (e.g. the "electronically stored information" of the DTA showing the first incidences of this email delay issue)
2. The number of times since this issue began that users have reported trouble as a result of these delays, and the number of times support staff responded to victims of this delay, allowing them to bypass this security feature.
3. The documents in connection with the Tender or other procurement process through which ServiceNow (and others) were invited, and ultimately through which it was awarded this business, and the number of other bidders for this business.
4. The number of times ServiceNow has been informed of email-related delivery issues, and the clauses from any contract with ServiceNow (or published beforehand, such as in my item 3 above) in relation to (a) timeliness of email transmissions, and (b) response times to reports of system failures, and (c) compensation arrangements for service failure.
5. The rules by which the DTA must abide in relation to the following:
a) the use of sovereign systems or providers for the handling of certain information, and the list or categories of information that falls under this sovereign requirement.
b) the handling of cyber security issues, such as password reset mechanisms, and user verification requirements for allowing unidentified individuals on phone calls to obtain access to supplier account logins (bypassing verification codes)
6. The budget (financial dollar amount) of the DTA which is allocated for the payment of external service providers, and if it exists, the breakdown of categories within that budget (e.g. hosting, email, design, support, etc) and the amounts for each.
Note that I am deliberately requesting information that is specifically designed to publicly embarrass your department. Our FoI act specifically allows me to do this, and forbids you to withhold answers based on this. Please try to honor the purpose and intent of our FoI act and fully, honestly and truthfully supply the information I request.
Yours faithfully,
C Drake
OFFICIAL
Good morning, C Drake
Thank you for your FOI request.
I writing to notify you that I will be looking after your request.
Under subsection 15(3), I have an obligation to assist you with the FOI process.
To assist you with your request, I'm wondering if you could please give me a call to discuss.
I just would like to ensure that I understand your request.
In the meantime, I have provided some useful links for your information on the process.
https://www.oaic.gov.au/freedom-of-infor...
https://www.legislation.gov.au/C2004A025...
I look forward to your call.
Thanks
Suzie Sazdanovic
Privacy and FOI Manager
Digital Transformation Agency
suzie.sazdanovic+AEA-dta.gov.au +AHw- dta.gov.au
Ngunnawal Country +AHw- 11 Moore Street, Canberra, ACT 2600
+-61 2 6120 8595
OFFICIAL
-----Original Message-----
From: C Drake +ADw-foi+-request-11392-862945f4+AEA-righttoknow.org.au+AD4-
Sent: Tuesday, May 7, 2024 10:15 AM
To: DTA FOI +ADw-foi+AEA-dta.gov.au+AD4-
Subject: Freedom of Information request - Your arrangements with the multinational company Service-Now and their ongoing email failures
Be careful with this message
External email. Do not click links or open attachments unless you recognise the sender and know the content is safe.
Dear Digital Transformation Agency,
This is a Freedom-of-Information request.
The DTA makes use of the company +ACI-ServiceNow+ACI-, a +ACQ-216bn market-cap non-sovereign multinational organisation for (at least) the provision of email services, including the delivery of account activation and password-reset one-time emails which contain security codes that expire in 10 minutes. Here is a sample of SMTP headers from one email containing a reset code which expires in 10 minutes (I've removed my real email address):
Received: from outbound91.service-now.com (outbound91.service-now.com +AFs-199.91.136.28+AF0-)
 by esmtp.mydomain.com (8.15.2/8.15.2) with ESMTPS id 4457ns0N2024109
 (version+AD0-TLSv1.3 cipher+AD0-TLS+AF8-AES+AF8-256+AF8-GCM+AF8-SHA384 bits+AD0-256 verify+AD0-NOT)
 for +ADw-me+AEA-mydomain.com+AD4AOw- Sun, 5 May 2024 07:49:56 GMT
Received: from relay13.syd100.service-now.com (unknown +AFs-10.243.25.53+AF0-)
 by outbound91.service-now.com (Postfix) with ESMTPS id 4F033181218ED
 for +ADw-me+AEA-mydomain.com+AD4AOw- Sun, 5 May 2024 00:48:37 -0700 (PDT)
Received: from outbound11.service-now.com (unknown +AFs-10.249.128.175+AF0-)
 by fallback-outbound11.service-now.com (Postfix) with ESMTPS id CB16AC029893
 for +ADw-me+AEA-mydomain.com+AD4AOw- Sat, 4 May 2024 16:32:11 -0700 (PDT)
Received: from app130035.syd101.service-now.com (app130035.syd101.service-now.com +AFs-10.225.130.35+AF0-)
 by outbound11.service-now.com (Postfix) with ESMTPSA id 8770E8266581
 for +ADw-me+AEA-mydomain.com+AD4AOw- Sat, 4 May 2024 16:32:06 -0700 (PDT)
Observe:
1. there is an 8-hour delay internally within the +ACI-SeciveNow+ACI- systems.
2. it ultimately delivers from the IP 199.91.136.28 (which is outside Australia)
Be aware that the FoI act does NOT restrict my questions to +ACI-documents+ACI- (e.g. +ACI-information+ACI- encompasses any paper or other material on which there is writing, a mark, figure, or symbol, electronically stored information, maps, plans, drawings, photographs, and any article from which sounds, images, or writing can be produced).
My requests are as follows:-
1. How long has the DTA been aware that emails they send out that contain security codes which expire in 10 minutes, are taking more than 10 minutes to arrive? (e.g. the +ACI-electronically stored information+ACI- of the DTA showing the first incidences of this email delay issue)
2. The number of times since this issue began that users have reported trouble as a result of these delays, and the number of times support staff responded to victims of this delay, allowing them to bypass this security feature.
3. The documents in connection with the Tender or other procurement process through which ServiceNow (and others) were invited, and ultimately through which it was awarded this business, and the number of other bidders for this business.
4. The number of times ServiceNow has been informed of email-related delivery issues, and the clauses from any contract with ServiceNow (or published beforehand, such as in my item 3 above) in relation to (a) timeliness of email transmissions, and (b) response times to reports of system failures, and (c) compensation arrangements for service failure.
5. The rules by which the DTA must abide in relation to the following:
a) the use of sovereign systems or providers for the handling of certain information, and the list or categories of information that falls under this sovereign requirement.
b) the handling of cyber security issues, such as password reset mechanisms, and user verification requirements for allowing unidentified individuals on phone calls to obtain access to supplier account logins (bypassing verification codes)
6. The budget (financial dollar amount) of the DTA which is allocated for the payment of external service providers, and if it exists, the breakdown of categories within that budget (e.g. hosting, email, design, support, etc) and the amounts for each.
Note that I am deliberately requesting information that is specifically designed to publicly embarrass your department. Our FoI act specifically allows me to do this, and forbids you to withhold answers based on this. Please try to honor the purpose and intent of our FoI act and fully, honestly and truthfully supply the information I request.
Yours faithfully,
C Drake
-------------------------------------------------------------------
Please use this email address for all replies to this request:
foi+-request-11392-862945f4+AEA-righttoknow.org.au
Is foi+AEA-dta.gov.au the wrong address for Freedom of Information requests to Digital Transformation Agency? If so, please contact us using this form:
https://www.righttoknow.org.au/change+AF...
This request has been made by an individual using Right to Know. This message and any reply that you make will be published on the internet. More information on how Right to Know works can be found at:
https://www.righttoknow.org.au/help/offi...
Please note that in some cases publication of requests and responses will be delayed.
If you find this service useful as an FOI officer, please ask your web manager to link to us from your organisation's FOI page.
-------------------------------------------------------------------
OFFICIAL
Good morning, C Drake
 DTA has not received a response to our email of 13 May 2024, and we have
 decided to proceed based on our understand of your request.
 Below is the Acknowledgement and notice of consultation in response to
 your request.
 The Digital Transformation Agency (DTA) acknowledges receipt of your
 Freedom of Information (FOI) request made 7 May 2024 for:
 1. How long has the DTA been aware that emails they send out that contain
 security codes which expire in 10 minutes, are taking more than 10 minutes
 to arrive? (e.g. the  "electronically stored information" of the DTA
 showing the first incidences of this email delay issue)
 2. The number of times since this issue began that users have reported
 trouble as a result of these delays, and the number of times support staff
 responded to victims of this delay, allowing them to bypass this security
 feature.
 3. The documents in connection with the Tender or other procurement
 process through which ServiceNow (and others) were invited, and ultimately
 through which it was awarded this business, and the number of other
 bidders for this business.
 4. The number of times ServiceNow has been informed of email-related
 delivery issues, and the clauses from any contract with ServiceNow (or
 published beforehand, such as in my item 3 above) in relation to (a)
 timeliness of email transmissions, and (b) response times to reports of
 system failures, and (c) compensation arrangements for service failure.
5. The rules by which the DTA must abide in relation to the following:
 a) the use of sovereign systems or providers for the handling of certain
 information, and the list or categories of information that falls under
 this sovereign requirement.
 b) the handling of cyber security issues, such as password reset
 mechanisms, and user verification requirements for allowing unidentified
 individuals on phone calls to obtain access to supplier account logins
 (bypassing verification codes)
 6. The budget (financial dollar amount) of the DTA which is allocated for
 the payment of external service providers, and if it exists, the breakdown
 of categories within that budget (e.g. hosting, email, design, support,
 etc) and the amounts for each.
Notice of Consultation
 DTA has identified information relating to third parties contained within
 the requested document. As a result, DTA is required to consult.
 Your request covers a document relating to the business, commercial or
 financial affairs of an organization. Accordingly, DTA is required to
 consult with the organisation concerned before making a decision on the
 release of this document.
 Section 27 of the FOI Act provides that if a request is made to an agency
 for access to a document containing business information organisation, and
 it appears to the agency that the organization might reasonably wish to
 make a contention that the document is exempt under section 47 (trade
 secrets etc), or section 47G (business information) of the FOI Act, then
 the agency must not decide to give access to the document unless the
 organisation concerned is given a reasonable opportunity to make
 submissions in support of their contention, if it is reasonably
 practicable to do so.
 The DTA will take into account any comments we receive from the
 organisation. However, the final decision on whether to grant access to
 the document requested rests with DTA.
 In accordance with section 15(6) of the FOI Act, the period for processing
 your request has been extended by an additional 30 days in order to allow
 DTA time to consult with the organisation. The processing period for this
 request will now end on 4 July 2024.
 Drafts and Duplicates
 In making a decision the DTA will exclude draft and duplicate copies, only
 including final versions that fit the scope of your request. If you
 require this information, please inform us within five days, otherwise
 these documents will be deemed irrelevant to your request and removed
 under section 22 of the FOI Act.
 Please contact me if you wish to discuss your request.
 Regards
 Suzie Sazdanovic
 Privacy and FOI Manager
 Digital Transformation Agency
 [1][email address] | dta.gov.au
 Ngunnawal Country | 11 Moore Street, Canberra, ACT 2600
 +61 2 6120 8595
OFFICIAL
OFFICIAL
 -----Original Message-----
 From: DTA FOI
 Sent: Monday, May 13, 2024 9:20 AM
 To: C Drake <[2][FOI #11392 email]>; DTA FOI
 <[3][DTA request email]>
 Subject: RE: Freedom of Information request - Your arrangements with the
 multinational company Service-Now and their ongoing email failures
Good morning, C Drake
Thank you for your FOI request.
I writing to notify you that I will be looking after your request.
 Under subsection 15(3), I have an obligation to assist you with the FOI
 process.
 To assist you with your request, I'm wondering if you could please give me
 a call to discuss.
I just would like to ensure that I understand your request.
 In the meantime, I have provided some useful links for your information on
 the process.
 [4]https://www.oaic.gov.au/freedom-of-infor...
 [5]https://www.legislation.gov.au/C2004A025...
I look forward to your call.
Thanks
 Suzie Sazdanovic
 Privacy and FOI Manager
 Digital Transformation Agency
 [6][email address] | dta.gov.au Ngunnawal Country | 11 Moore
 Street, Canberra, ACT 2600
 +61 2 6120 8595
 -----Original Message-----
 From: C Drake <[7][FOI #11392 email]>
 Sent: Tuesday, May 7, 2024 10:15 AM
 To: DTA FOI <[8][DTA request email]>
 Subject: Freedom of Information request - Your arrangements with the
 multinational company Service-Now and their ongoing email failures
 Be careful with this message
 External email. Do not click links or open attachments unless you
 recognise the sender and know the content is safe.
Dear Digital Transformation Agency,
This is a Freedom-of-Information request.
 The DTA makes use of the company "ServiceNow", a $216bn market-cap
 non-sovereign multinational organisation for (at least) the provision of
 email services, including the delivery of account activation and
 password-reset one-time emails which contain security codes that expire in
 10 minutes.  Here is a sample of SMTP headers from one email containing a
 reset code which expires in 10 minutes (I've removed my real email
 address):
 Received: from outbound91.service-now.com (outbound91.service-now.com
 [199.91.136.28])
         by esmtp.mydomain.com (8.15.2/8.15.2) with ESMTPS id
 4457ns0N2024109
         (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256
 verify=NOT)
         for <[9][email address]>; Sun, 5 May 2024 07:49:56 GMT
 Received: from relay13.syd100.service-now.com (unknown [10.243.25.53])
         by outbound91.service-now.com (Postfix) with ESMTPS id
 4F033181218ED
         for <[10][email address]>; Sun,  5 May 2024 00:48:37 -0700 (PDT)
 Received: from outbound11.service-now.com (unknown [10.249.128.175])
         by fallback-outbound11.service-now.com (Postfix) with ESMTPS id
 CB16AC029893
         for <[11][email address]>; Sat,  4 May 2024 16:32:11 -0700 (PDT)
 Received: from app130035.syd101.service-now.com
 (app130035.syd101.service-now.com [10.225.130.35])
         by outbound11.service-now.com (Postfix) with ESMTPSA id
 8770E8266581
         for <[12][email address]>; Sat,  4 May 2024 16:32:06 -0700 (PDT)
 Observe:
 1. there is an 8-hour delay internally within the "SeciveNow" systems.
 2. it ultimately delivers from the IP 199.91.136.28 (which is outside
 Australia)
 Be aware that the FoI act does NOT restrict my questions to "documents"
 (e.g. "information" encompasses any paper or other material on which there
 is writing, a mark, figure, or symbol, electronically stored information,
 maps, plans, drawings, photographs, and any article from which sounds,
 images, or writing can be produced).
My requests are as follows:-
 1. How long has the DTA been aware that emails they send out that contain
 security codes which expire in 10 minutes, are taking more than 10 minutes
 to arrive? (e.g. the  "electronically stored information" of the DTA
 showing the first incidences of this email delay issue)
 2. The number of times since this issue began that users have reported
 trouble as a result of these delays, and the number of times support staff
 responded to victims of this delay, allowing them to bypass this security
 feature.
 3. The documents in connection with the Tender or other procurement
 process through which ServiceNow (and others) were invited, and ultimately
 through which it was awarded this business, and the number of other
 bidders for this business.
 4. The number of times ServiceNow has been informed of email-related
 delivery issues, and the clauses from any contract with ServiceNow (or
 published beforehand, such as in my item 3 above) in relation to (a)
 timeliness of email transmissions, and (b) response times to reports of
 system failures, and (c) compensation arrangements for service failure.
5. The rules by which the DTA must abide in relation to the following:
 a) the use of sovereign systems or providers for the handling of certain
 information, and the list or categories of information that falls under
 this sovereign requirement.
 b) the handling of cyber security issues, such as password reset
 mechanisms, and user verification requirements for allowing unidentified
 individuals on phone calls to obtain access to supplier account logins
 (bypassing verification codes)
 6. The budget (financial dollar amount) of the DTA which is allocated for
 the payment of external service providers, and if it exists, the breakdown
 of categories within that budget (e.g. hosting, email, design, support,
 etc) and the amounts for each.
 Note that I am deliberately requesting information that is specifically
 designed to publicly embarrass your department. Our FoI act specifically
 allows me to do this, and forbids you to withhold answers based on this.
 Please try to honor the purpose and intent of our FoI act and fully,
 honestly and truthfully supply the information I request.
Yours faithfully,
C Drake
-------------------------------------------------------------------
 Please use this email address for all replies to this request:
 [13][FOI #11392 email]
 Is [14][DTA request email] the wrong address for Freedom of Information
 requests to Digital Transformation Agency? If so, please contact us using
 this form:
 [15]https://www.righttoknow.org.au/change_re...
 This request has been made by an individual using Right to Know. This
 message and any reply that you make will be published on the internet.
 More information on how Right to Know works can be found at:
 [16]https://www.righttoknow.org.au/help/offi...
 Please note that in some cases publication of requests and responses will
 be delayed.
 If you find this service useful as an FOI officer, please ask your web
 manager to link to us from your organisation's FOI page.
-------------------------------------------------------------------
 ______________________________________________________________________ 
 IMPORTANT: This message, and any attachments to it, contains information 
 that is confidential and may also be the subject of legal professional or 
 other privilege. If you are not the intended recipient of this message,
 you 
 must not review, copy, disseminate or disclose its contents to any other 
 party or take action in reliance of any material contained within it. If
 you 
 have received this message in error, please notify the sender immediately
 by 
 return email informing them of the mistake and delete all copies of the 
 message from your computer system. 
 ______________________________________________________________________
References
 Visible links
 1. mailto:[email address]
 2. mailto:[FOI #11392 email]
 3. mailto:[DTA request email]
 4. https://www.oaic.gov.au/freedom-of-infor...
 5. https://www.legislation.gov.au/C2004A025...
 6. mailto:[email address]
 7. mailto:[FOI #11392 email]
 8. mailto:[DTA request email]
 9. mailto:[email address]
 10. mailto:[email address]
 11. mailto:[email address]
 12. mailto:[email address]
 13. mailto:[FOI #11392 email]
 14. mailto:[DTA request email]
 15. https://www.righttoknow.org.au/change_re...
 16. https://www.righttoknow.org.au/help/offi...
OFFICIAL
Dear Mr Drake
 DTA is seeking an additional 30 day to process your request under section
 15AA.
Reason:
 DTA has received an unprecedent number of FOI requests during the same
 period we received your request. We have also had illness, which has also
 created delays in processing your request.
What have we done to date:
 We have identified 15 file and additional 9 documents that possibly relate
 to the scope of your request. To date, I have only reviewed 3 of these
 files and identified 4 entities that will still require consultation.
 We respectfully request that you agree to this request in writing by 4
 July 2024.
 Please note: DTA will endeavour to try a process your request as quickly
 as possible.
Happy to discuss any concerns.
Suzie Sazdanovic
 Privacy and FOI Manager
 Digital Transformation Agency
[1][email address] | dta.gov.au
Ngunnawal Country | 11 Moore Street, Canberra, ACT 2600
+61 2 6120 8595
OFFICIAL
 From: DTA FOI
 Sent: Tuesday, June 4, 2024 12:01 PM
 To: C Drake <[FOI #11392 email]>
 Subject: Acknowledgement and Notice of consultation FOI 0012- Your
 arrangements with the multinational company Service-Now and their ongoing
 email failures
Good morning, C Drake
 DTA has not received a response to our email of 13 May 2024, and we have
 decided to proceed based on our understand of your request.
 Below is the Acknowledgement and notice of consultation in response to
 your request.
 The Digital Transformation Agency (DTA) acknowledges receipt of your
 Freedom of Information (FOI) request made 7 May 2024 for:
 1. How long has the DTA been aware that emails they send out that contain
 security codes which expire in 10 minutes, are taking more than 10 minutes
 to arrive? (e.g. the  "electronically stored information" of the DTA
 showing the first incidences of this email delay issue)
 2. The number of times since this issue began that users have reported
 trouble as a result of these delays, and the number of times support staff
 responded to victims of this delay, allowing them to bypass this security
 feature.
 3. The documents in connection with the Tender or other procurement
 process through which ServiceNow (and others) were invited, and ultimately
 through which it was awarded this business, and the number of other
 bidders for this business.
 4. The number of times ServiceNow has been informed of email-related
 delivery issues, and the clauses from any contract with ServiceNow (or
 published beforehand, such as in my item 3 above) in relation to (a)
 timeliness of email transmissions, and (b) response times to reports of
 system failures, and (c) compensation arrangements for service failure.
5. The rules by which the DTA must abide in relation to the following:
 a) the use of sovereign systems or providers for the handling of certain
 information, and the list or categories of information that falls under
 this sovereign requirement.
 b) the handling of cyber security issues, such as password reset
 mechanisms, and user verification requirements for allowing unidentified
 individuals on phone calls to obtain access to supplier account logins
 (bypassing verification codes)
 6. The budget (financial dollar amount) of the DTA which is allocated for
 the payment of external service providers, and if it exists, the breakdown
 of categories within that budget (e.g. hosting, email, design, support,
 etc) and the amounts for each.
Notice of Consultation
 DTA has identified information relating to third parties contained within
 the requested document. As a result, DTA is required to consult.
 Your request covers a document relating to the business, commercial or
 financial affairs of an organization. Accordingly, DTA is required to
 consult with the organisation concerned before making a decision on the
 release of this document.
 Section 27 of the FOI Act provides that if a request is made to an agency
 for access to a document containing business information organisation, and
 it appears to the agency that the organization might reasonably wish to
 make a contention that the document is exempt under section 47 (trade
 secrets etc), or section 47G (business information) of the FOI Act, then
 the agency must not decide to give access to the document unless the
 organisation concerned is given a reasonable opportunity to make
 submissions in support of their contention, if it is reasonably
 practicable to do so.
 The DTA will take into account any comments we receive from the
 organisation. However, the final decision on whether to grant access to
 the document requested rests with DTA.
 In accordance with section 15(6) of the FOI Act, the period for processing
 your request has been extended by an additional 30 days in order to allow
 DTA time to consult with the organisation. The processing period for this
 request will now end on 4 July 2024.
 Drafts and Duplicates
 In making a decision the DTA will exclude draft and duplicate copies, only
 including final versions that fit the scope of your request. If you
 require this information, please inform us within five days, otherwise
 these documents will be deemed irrelevant to your request and removed
 under section 22 of the FOI Act.
 Please contact me if you wish to discuss your request.
 Regards
 Suzie Sazdanovic
 Privacy and FOI Manager
 Digital Transformation Agency
 [2][email address] | dta.gov.au
 Ngunnawal Country | 11 Moore Street, Canberra, ACT 2600
 +61 2 6120 8595
 OFFICIAL
 -----Original Message-----
 From: DTA FOI
 Sent: Monday, May 13, 2024 9:20 AM
 To: C Drake <[3][FOI #11392 email]>; DTA FOI
 <[4][DTA request email]>
 Subject: RE: Freedom of Information request - Your arrangements with the
 multinational company Service-Now and their ongoing email failures
Good morning, C Drake
Thank you for your FOI request.
I writing to notify you that I will be looking after your request.
 Under subsection 15(3), I have an obligation to assist you with the FOI
 process.
 To assist you with your request, I'm wondering if you could please give me
 a call to discuss.
I just would like to ensure that I understand your request.
 In the meantime, I have provided some useful links for your information on
 the process.
 [5]https://www.oaic.gov.au/freedom-of-infor...
 [6]https://www.legislation.gov.au/C2004A025...
I look forward to your call.
Thanks
 Suzie Sazdanovic
 Privacy and FOI Manager
 Digital Transformation Agency
 [7][email address] | dta.gov.au Ngunnawal Country | 11 Moore
 Street, Canberra, ACT 2600
 +61 2 6120 8595
 -----Original Message-----
 From: C Drake <[8][FOI #11392 email]>
 Sent: Tuesday, May 7, 2024 10:15 AM
 To: DTA FOI <[9][DTA request email]>
 Subject: Freedom of Information request - Your arrangements with the
 multinational company Service-Now and their ongoing email failures
 Be careful with this message
 External email. Do not click links or open attachments unless you
 recognise the sender and know the content is safe.
Dear Digital Transformation Agency,
This is a Freedom-of-Information request.
 The DTA makes use of the company "ServiceNow", a $216bn market-cap
 non-sovereign multinational organisation for (at least) the provision of
 email services, including the delivery of account activation and
 password-reset one-time emails which contain security codes that expire in
 10 minutes.  Here is a sample of SMTP headers from one email containing a
 reset code which expires in 10 minutes (I've removed my real email
 address):
 Received: from outbound91.service-now.com (outbound91.service-now.com
 [199.91.136.28])
         by esmtp.mydomain.com (8.15.2/8.15.2) with ESMTPS id
 4457ns0N2024109
         (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256
 verify=NOT)
         for <[10][email address]>; Sun, 5 May 2024 07:49:56 GMT
 Received: from relay13.syd100.service-now.com (unknown [10.243.25.53])
         by outbound91.service-now.com (Postfix) with ESMTPS id
 4F033181218ED
         for <[11][email address]>; Sun,  5 May 2024 00:48:37 -0700 (PDT)
 Received: from outbound11.service-now.com (unknown [10.249.128.175])
         by fallback-outbound11.service-now.com (Postfix) with ESMTPS id
 CB16AC029893
         for <[12][email address]>; Sat,  4 May 2024 16:32:11 -0700 (PDT)
 Received: from app130035.syd101.service-now.com
 (app130035.syd101.service-now.com [10.225.130.35])
         by outbound11.service-now.com (Postfix) with ESMTPSA id
 8770E8266581
         for <[13][email address]>; Sat,  4 May 2024 16:32:06 -0700 (PDT)
 Observe:
 1. there is an 8-hour delay internally within the "SeciveNow" systems.
 2. it ultimately delivers from the IP 199.91.136.28 (which is outside
 Australia)
 Be aware that the FoI act does NOT restrict my questions to "documents"
 (e.g. "information" encompasses any paper or other material on which there
 is writing, a mark, figure, or symbol, electronically stored information,
 maps, plans, drawings, photographs, and any article from which sounds,
 images, or writing can be produced).
My requests are as follows:-
 1. How long has the DTA been aware that emails they send out that contain
 security codes which expire in 10 minutes, are taking more than 10 minutes
 to arrive? (e.g. the  "electronically stored information" of the DTA
 showing the first incidences of this email delay issue)
 2. The number of times since this issue began that users have reported
 trouble as a result of these delays, and the number of times support staff
 responded to victims of this delay, allowing them to bypass this security
 feature.
 3. The documents in connection with the Tender or other procurement
 process through which ServiceNow (and others) were invited, and ultimately
 through which it was awarded this business, and the number of other
 bidders for this business.
 4. The number of times ServiceNow has been informed of email-related
 delivery issues, and the clauses from any contract with ServiceNow (or
 published beforehand, such as in my item 3 above) in relation to (a)
 timeliness of email transmissions, and (b) response times to reports of
 system failures, and (c) compensation arrangements for service failure.
5. The rules by which the DTA must abide in relation to the following:
 a) the use of sovereign systems or providers for the handling of certain
 information, and the list or categories of information that falls under
 this sovereign requirement.
 b) the handling of cyber security issues, such as password reset
 mechanisms, and user verification requirements for allowing unidentified
 individuals on phone calls to obtain access to supplier account logins
 (bypassing verification codes)
 6. The budget (financial dollar amount) of the DTA which is allocated for
 the payment of external service providers, and if it exists, the breakdown
 of categories within that budget (e.g. hosting, email, design, support,
 etc) and the amounts for each.
 Note that I am deliberately requesting information that is specifically
 designed to publicly embarrass your department. Our FoI act specifically
 allows me to do this, and forbids you to withhold answers based on this.
 Please try to honor the purpose and intent of our FoI act and fully,
 honestly and truthfully supply the information I request.
Yours faithfully,
C Drake
-------------------------------------------------------------------
 Please use this email address for all replies to this request:
 [14][FOI #11392 email]
 Is [15][DTA request email] the wrong address for Freedom of Information
 requests to Digital Transformation Agency? If so, please contact us using
 this form:
 [16]https://www.righttoknow.org.au/change_re...
 This request has been made by an individual using Right to Know. This
 message and any reply that you make will be published on the internet.
 More information on how Right to Know works can be found at:
 [17]https://www.righttoknow.org.au/help/offi...
 Please note that in some cases publication of requests and responses will
 be delayed.
 If you find this service useful as an FOI officer, please ask your web
 manager to link to us from your organisation's FOI page.
-------------------------------------------------------------------
 ______________________________________________________________________ 
 IMPORTANT: This message, and any attachments to it, contains information 
 that is confidential and may also be the subject of legal professional or 
 other privilege. If you are not the intended recipient of this message,
 you 
 must not review, copy, disseminate or disclose its contents to any other 
 party or take action in reliance of any material contained within it. If
 you 
 have received this message in error, please notify the sender immediately
 by 
 return email informing them of the mistake and delete all copies of the 
 message from your computer system. 
 ______________________________________________________________________
References
 Visible links
 1. mailto:[email address]
 2. mailto:[email address]
 3. mailto:[FOI #11392 email]
 4. mailto:[DTA request email]
 5. https://www.oaic.gov.au/freedom-of-infor...
 6. https://www.legislation.gov.au/C2004A025...
 7. mailto:[email address]
 8. mailto:[FOI #11392 email]
 9. mailto:[DTA request email]
 10. mailto:[email address]
 11. mailto:[email address]
 12. mailto:[email address]
 13. mailto:[email address]
 14. mailto:[FOI #11392 email]
 15. mailto:[DTA request email]
 16. https://www.righttoknow.org.au/change_re...
 17. https://www.righttoknow.org.au/help/offi...
OFFICIAL
Good morning, Mr Drake
I hope you are well!
 It is with regret that I need to inform you that DTA is now required to
 apply for an extension through the Office of The Australian Information
 Commission because DTA has not received a response to our email below and
 your request is now overdue.
I’ll keep you in the loop of our progress.
Happy to discuss any concerns.
Suzie Sazdanovic
 Privacy and FOI Manager
 Digital Transformation Agency
[1][email address] | dta.gov.au
Ngunnawal Country | 11 Moore Street, Canberra, ACT 2600
+61 2 6120 8595
OFFICIAL
 From: DTA FOI <[DTA request email]>
 Sent: Wednesday, July 3, 2024 12:07 PM
 To: DTA FOI <[DTA request email]>; 'C Drake'
 <[FOI #11392 email]>
 Subject: [SEC=OFFICIAL] FOI 0012 Request for extension of time response
 required by 4 July 2024.
OFFICIAL
Dear Mr Drake
 DTA is seeking an additional 30 day to process your request under section
 15AA.
Reason:
 DTA has received an unprecedent number of FOI requests during the same
 period we received your request. We have also had illness, which has also
 created delays in processing your request.
What have we done to date:
 We have identified 15 file and additional 9 documents that possibly relate
 to the scope of your request. To date, I have only reviewed 3 of these
 files and identified 4 entities that will still require consultation.
 We respectfully request that you agree to this request in writing by 4
 July 2024.
 Please note: DTA will endeavour to try a process your request as quickly
 as possible.
Happy to discuss any concerns.
Suzie Sazdanovic
 Privacy and FOI Manager
 Digital Transformation Agency
[2][email address] | dta.gov.au
Ngunnawal Country | 11 Moore Street, Canberra, ACT 2600
+61 2 6120 8595
OFFICIAL
 From: DTA FOI
 Sent: Tuesday, June 4, 2024 12:01 PM
 To: C Drake <[3][FOI #11392 email]>
 Subject: Acknowledgement and Notice of consultation FOI 0012- Your
 arrangements with the multinational company Service-Now and their ongoing
 email failures
Good morning, C Drake
 DTA has not received a response to our email of 13 May 2024, and we have
 decided to proceed based on our understand of your request.
 Below is the Acknowledgement and notice of consultation in response to
 your request.
 The Digital Transformation Agency (DTA) acknowledges receipt of your
 Freedom of Information (FOI) request made 7 May 2024 for:
 1. How long has the DTA been aware that emails they send out that contain
 security codes which expire in 10 minutes, are taking more than 10 minutes
 to arrive? (e.g. the  "electronically stored information" of the DTA
 showing the first incidences of this email delay issue)
 2. The number of times since this issue began that users have reported
 trouble as a result of these delays, and the number of times support staff
 responded to victims of this delay, allowing them to bypass this security
 feature.
 3. The documents in connection with the Tender or other procurement
 process through which ServiceNow (and others) were invited, and ultimately
 through which it was awarded this business, and the number of other
 bidders for this business.
 4. The number of times ServiceNow has been informed of email-related
 delivery issues, and the clauses from any contract with ServiceNow (or
 published beforehand, such as in my item 3 above) in relation to (a)
 timeliness of email transmissions, and (b) response times to reports of
 system failures, and (c) compensation arrangements for service failure.
5. The rules by which the DTA must abide in relation to the following:
 a) the use of sovereign systems or providers for the handling of certain
 information, and the list or categories of information that falls under
 this sovereign requirement.
 b) the handling of cyber security issues, such as password reset
 mechanisms, and user verification requirements for allowing unidentified
 individuals on phone calls to obtain access to supplier account logins
 (bypassing verification codes)
 6. The budget (financial dollar amount) of the DTA which is allocated for
 the payment of external service providers, and if it exists, the breakdown
 of categories within that budget (e.g. hosting, email, design, support,
 etc) and the amounts for each.
Notice of Consultation
 DTA has identified information relating to third parties contained within
 the requested document. As a result, DTA is required to consult.
 Your request covers a document relating to the business, commercial or
 financial affairs of an organization. Accordingly, DTA is required to
 consult with the organisation concerned before making a decision on the
 release of this document.
 Section 27 of the FOI Act provides that if a request is made to an agency
 for access to a document containing business information organisation, and
 it appears to the agency that the organization might reasonably wish to
 make a contention that the document is exempt under section 47 (trade
 secrets etc), or section 47G (business information) of the FOI Act, then
 the agency must not decide to give access to the document unless the
 organisation concerned is given a reasonable opportunity to make
 submissions in support of their contention, if it is reasonably
 practicable to do so.
 The DTA will take into account any comments we receive from the
 organisation. However, the final decision on whether to grant access to
 the document requested rests with DTA.
 In accordance with section 15(6) of the FOI Act, the period for processing
 your request has been extended by an additional 30 days in order to allow
 DTA time to consult with the organisation. The processing period for this
 request will now end on 4 July 2024.
 Drafts and Duplicates
 In making a decision the DTA will exclude draft and duplicate copies, only
 including final versions that fit the scope of your request. If you
 require this information, please inform us within five days, otherwise
 these documents will be deemed irrelevant to your request and removed
 under section 22 of the FOI Act.
 Please contact me if you wish to discuss your request.
 Regards
 Suzie Sazdanovic
 Privacy and FOI Manager
 Digital Transformation Agency
 [4][email address] | dta.gov.au
 Ngunnawal Country | 11 Moore Street, Canberra, ACT 2600
 +61 2 6120 8595
 OFFICIAL
 -----Original Message-----
 From: DTA FOI
 Sent: Monday, May 13, 2024 9:20 AM
 To: C Drake <[5][FOI #11392 email]>; DTA FOI
 <[6][DTA request email]>
 Subject: RE: Freedom of Information request - Your arrangements with the
 multinational company Service-Now and their ongoing email failures
Good morning, C Drake
Thank you for your FOI request.
I writing to notify you that I will be looking after your request.
 Under subsection 15(3), I have an obligation to assist you with the FOI
 process.
 To assist you with your request, I'm wondering if you could please give me
 a call to discuss.
I just would like to ensure that I understand your request.
 In the meantime, I have provided some useful links for your information on
 the process.
 [7]https://www.oaic.gov.au/freedom-of-infor...
 [8]https://www.legislation.gov.au/C2004A025...
I look forward to your call.
Thanks
 Suzie Sazdanovic
 Privacy and FOI Manager
 Digital Transformation Agency
 [9][email address] | dta.gov.au Ngunnawal Country | 11 Moore
 Street, Canberra, ACT 2600
 +61 2 6120 8595
 -----Original Message-----
 From: C Drake <[10][FOI #11392 email]>
 Sent: Tuesday, May 7, 2024 10:15 AM
 To: DTA FOI <[11][DTA request email]>
 Subject: Freedom of Information request - Your arrangements with the
 multinational company Service-Now and their ongoing email failures
 Be careful with this message
 External email. Do not click links or open attachments unless you
 recognise the sender and know the content is safe.
Dear Digital Transformation Agency,
This is a Freedom-of-Information request.
 The DTA makes use of the company "ServiceNow", a $216bn market-cap
 non-sovereign multinational organisation for (at least) the provision of
 email services, including the delivery of account activation and
 password-reset one-time emails which contain security codes that expire in
 10 minutes.  Here is a sample of SMTP headers from one email containing a
 reset code which expires in 10 minutes (I've removed my real email
 address):
 Received: from outbound91.service-now.com (outbound91.service-now.com
 [199.91.136.28])
         by esmtp.mydomain.com (8.15.2/8.15.2) with ESMTPS id
 4457ns0N2024109
         (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256
 verify=NOT)
         for <[12][email address]>; Sun, 5 May 2024 07:49:56 GMT
 Received: from relay13.syd100.service-now.com (unknown [10.243.25.53])
         by outbound91.service-now.com (Postfix) with ESMTPS id
 4F033181218ED
         for <[13][email address]>; Sun,  5 May 2024 00:48:37 -0700 (PDT)
 Received: from outbound11.service-now.com (unknown [10.249.128.175])
         by fallback-outbound11.service-now.com (Postfix) with ESMTPS id
 CB16AC029893
         for <[14][email address]>; Sat,  4 May 2024 16:32:11 -0700 (PDT)
 Received: from app130035.syd101.service-now.com
 (app130035.syd101.service-now.com [10.225.130.35])
         by outbound11.service-now.com (Postfix) with ESMTPSA id
 8770E8266581
         for <[15][email address]>; Sat,  4 May 2024 16:32:06 -0700 (PDT)
 Observe:
 1. there is an 8-hour delay internally within the "SeciveNow" systems.
 2. it ultimately delivers from the IP 199.91.136.28 (which is outside
 Australia)
 Be aware that the FoI act does NOT restrict my questions to "documents"
 (e.g. "information" encompasses any paper or other material on which there
 is writing, a mark, figure, or symbol, electronically stored information,
 maps, plans, drawings, photographs, and any article from which sounds,
 images, or writing can be produced).
My requests are as follows:-
 1. How long has the DTA been aware that emails they send out that contain
 security codes which expire in 10 minutes, are taking more than 10 minutes
 to arrive? (e.g. the  "electronically stored information" of the DTA
 showing the first incidences of this email delay issue)
 2. The number of times since this issue began that users have reported
 trouble as a result of these delays, and the number of times support staff
 responded to victims of this delay, allowing them to bypass this security
 feature.
 3. The documents in connection with the Tender or other procurement
 process through which ServiceNow (and others) were invited, and ultimately
 through which it was awarded this business, and the number of other
 bidders for this business.
 4. The number of times ServiceNow has been informed of email-related
 delivery issues, and the clauses from any contract with ServiceNow (or
 published beforehand, such as in my item 3 above) in relation to (a)
 timeliness of email transmissions, and (b) response times to reports of
 system failures, and (c) compensation arrangements for service failure.
5. The rules by which the DTA must abide in relation to the following:
 a) the use of sovereign systems or providers for the handling of certain
 information, and the list or categories of information that falls under
 this sovereign requirement.
 b) the handling of cyber security issues, such as password reset
 mechanisms, and user verification requirements for allowing unidentified
 individuals on phone calls to obtain access to supplier account logins
 (bypassing verification codes)
 6. The budget (financial dollar amount) of the DTA which is allocated for
 the payment of external service providers, and if it exists, the breakdown
 of categories within that budget (e.g. hosting, email, design, support,
 etc) and the amounts for each.
 Note that I am deliberately requesting information that is specifically
 designed to publicly embarrass your department. Our FoI act specifically
 allows me to do this, and forbids you to withhold answers based on this.
 Please try to honor the purpose and intent of our FoI act and fully,
 honestly and truthfully supply the information I request.
Yours faithfully,
C Drake
-------------------------------------------------------------------
 Please use this email address for all replies to this request:
 [16][FOI #11392 email]
 Is [17][DTA request email] the wrong address for Freedom of Information
 requests to Digital Transformation Agency? If so, please contact us using
 this form:
 [18]https://www.righttoknow.org.au/change_re...
 This request has been made by an individual using Right to Know. This
 message and any reply that you make will be published on the internet.
 More information on how Right to Know works can be found at:
 [19]https://www.righttoknow.org.au/help/offi...
 Please note that in some cases publication of requests and responses will
 be delayed.
 If you find this service useful as an FOI officer, please ask your web
 manager to link to us from your organisation's FOI page.
-------------------------------------------------------------------
 ______________________________________________________________________ 
 IMPORTANT: This message, and any attachments to it, contains information 
 that is confidential and may also be the subject of legal professional or 
 other privilege. If you are not the intended recipient of this message,
 you 
 must not review, copy, disseminate or disclose its contents to any other 
 party or take action in reliance of any material contained within it. If
 you 
 have received this message in error, please notify the sender immediately
 by 
 return email informing them of the mistake and delete all copies of the 
 message from your computer system. 
 ______________________________________________________________________
References
 Visible links
 1. mailto:[email address]
 2. mailto:[email address]
 3. mailto:[FOI #11392 email]
 4. mailto:[email address]
 5. mailto:[FOI #11392 email]
 6. mailto:[DTA request email]
 7. https://www.oaic.gov.au/freedom-of-infor...
 8. https://www.legislation.gov.au/C2004A025...
 9. mailto:[email address]
 10. mailto:[FOI #11392 email]
 11. mailto:[DTA request email]
 12. mailto:[email address]
 13. mailto:[email address]
 14. mailto:[email address]
 15. mailto:[email address]
 16. mailto:[FOI #11392 email]
 17. mailto:[DTA request email]
 18. https://www.righttoknow.org.au/change_re...
 19. https://www.righttoknow.org.au/help/offi...
Our reference: RQ24/02715
Agency reference: FOI12/2024
 Agency name              Digital Transformation Agency
 By Email:                        [DTA request email]
 Name                              C Drake
 By Email:                       
 [FOI #11392 email]
Extension of time under s 15AC
Dear Parties,
 Please find attached an extension of time decision relating to the above
 referenced FOI request.
Regards
[1][IMG] Andriana DeIeso
Review Adviser
Office of the Australian Information Commissioner
GPO Box 5288 Sydney NSW 2001
 E [2][email address]
  
 I am available Monday to Wednesday; Tuesday and Wednesday alternate
 weeks.  
 The OAIC acknowledges Traditional Custodians of Country across
 Australia and their continuing connection to land, waters and
 communities. We pay our respect to First Nations people,
 cultures and Elders past and present.  
[3]Subscribe to Information Matters
      
  
  
    
Notice:
 The information contained in this email message and any attached files may
 be confidential information, and may also be the subject of legal
 professional privilege. If you are not the intended recipient any use,
 disclosure or copying of this email is unauthorised. If you received this
 email in error, please notify the sender by contacting the department's
 switchboard on 1300 488 064 during business hours (8:30am - 5pm Canberra
 time) and delete all copies of this transmission together with any
 attachments.
References
 Visible links
 1. https://www.oaic.gov.au/
 2. mailto:[email address]
 3. https://www.oaic.gov.au/engage-with-us/n...
OFFICIAL
Dear C Drake
Please find enclosed the decision in response to your request.
If you have any questions, please don't hesitate to contact me directly.
Thanks
Suzie Sazdanovic
Privacy and FOI Manager
Digital Transformation Agency
suzie.sazdanovic+AEA-dta.gov.au +AHw- dta.gov.au
Ngunnawal Country +AHw- 11 Moore Street, Canberra, ACT 2600
+-61 2 6120 8595
OFFICIAL
-----Original Message-----
From: C Drake +ADw-foi+-request-11392-862945f4+AEA-righttoknow.org.au+AD4-
Sent: Tuesday, May 7, 2024 10:15 AM
To: DTA FOI +ADw-foi+AEA-dta.gov.au+AD4-
Subject: Freedom of Information request - Your arrangements with the multinational company Service-Now and their ongoing email failures
Be careful with this message
External email. Do not click links or open attachments unless you recognise the sender and know the content is safe.
Dear Digital Transformation Agency,
This is a Freedom-of-Information request.
The DTA makes use of the company +ACI-ServiceNow+ACI-, a +ACQ-216bn market-cap non-sovereign multinational organisation for (at least) the provision of email services, including the delivery of account activation and password-reset one-time emails which contain security codes that expire in 10 minutes. Here is a sample of SMTP headers from one email containing a reset code which expires in 10 minutes (I've removed my real email address):
Received: from outbound91.service-now.com (outbound91.service-now.com +AFs-199.91.136.28+AF0-)
 by esmtp.mydomain.com (8.15.2/8.15.2) with ESMTPS id 4457ns0N2024109
 (version+AD0-TLSv1.3 cipher+AD0-TLS+AF8-AES+AF8-256+AF8-GCM+AF8-SHA384 bits+AD0-256 verify+AD0-NOT)
 for +ADw-me+AEA-mydomain.com+AD4AOw- Sun, 5 May 2024 07:49:56 GMT
Received: from relay13.syd100.service-now.com (unknown +AFs-10.243.25.53+AF0-)
 by outbound91.service-now.com (Postfix) with ESMTPS id 4F033181218ED
 for +ADw-me+AEA-mydomain.com+AD4AOw- Sun, 5 May 2024 00:48:37 -0700 (PDT)
Received: from outbound11.service-now.com (unknown +AFs-10.249.128.175+AF0-)
 by fallback-outbound11.service-now.com (Postfix) with ESMTPS id CB16AC029893
 for +ADw-me+AEA-mydomain.com+AD4AOw- Sat, 4 May 2024 16:32:11 -0700 (PDT)
Received: from app130035.syd101.service-now.com (app130035.syd101.service-now.com +AFs-10.225.130.35+AF0-)
 by outbound11.service-now.com (Postfix) with ESMTPSA id 8770E8266581
 for +ADw-me+AEA-mydomain.com+AD4AOw- Sat, 4 May 2024 16:32:06 -0700 (PDT)
Observe:
1. there is an 8-hour delay internally within the +ACI-SeciveNow+ACI- systems.
2. it ultimately delivers from the IP 199.91.136.28 (which is outside Australia)
Be aware that the FoI act does NOT restrict my questions to +ACI-documents+ACI- (e.g. +ACI-information+ACI- encompasses any paper or other material on which there is writing, a mark, figure, or symbol, electronically stored information, maps, plans, drawings, photographs, and any article from which sounds, images, or writing can be produced).
My requests are as follows:-
1. How long has the DTA been aware that emails they send out that contain security codes which expire in 10 minutes, are taking more than 10 minutes to arrive? (e.g. the +ACI-electronically stored information+ACI- of the DTA showing the first incidences of this email delay issue)
2. The number of times since this issue began that users have reported trouble as a result of these delays, and the number of times support staff responded to victims of this delay, allowing them to bypass this security feature.
3. The documents in connection with the Tender or other procurement process through which ServiceNow (and others) were invited, and ultimately through which it was awarded this business, and the number of other bidders for this business.
4. The number of times ServiceNow has been informed of email-related delivery issues, and the clauses from any contract with ServiceNow (or published beforehand, such as in my item 3 above) in relation to (a) timeliness of email transmissions, and (b) response times to reports of system failures, and (c) compensation arrangements for service failure.
5. The rules by which the DTA must abide in relation to the following:
a) the use of sovereign systems or providers for the handling of certain information, and the list or categories of information that falls under this sovereign requirement.
b) the handling of cyber security issues, such as password reset mechanisms, and user verification requirements for allowing unidentified individuals on phone calls to obtain access to supplier account logins (bypassing verification codes)
6. The budget (financial dollar amount) of the DTA which is allocated for the payment of external service providers, and if it exists, the breakdown of categories within that budget (e.g. hosting, email, design, support, etc) and the amounts for each.
Note that I am deliberately requesting information that is specifically designed to publicly embarrass your department. Our FoI act specifically allows me to do this, and forbids you to withhold answers based on this. Please try to honor the purpose and intent of our FoI act and fully, honestly and truthfully supply the information I request.
Yours faithfully,
C Drake
-------------------------------------------------------------------
Please use this email address for all replies to this request:
foi+-request-11392-862945f4+AEA-righttoknow.org.au
Is foi+AEA-dta.gov.au the wrong address for Freedom of Information requests to Digital Transformation Agency? If so, please contact us using this form:
https://www.righttoknow.org.au/change+AF...
This request has been made by an individual using Right to Know. This message and any reply that you make will be published on the internet. More information on how Right to Know works can be found at:
https://www.righttoknow.org.au/help/offi...
Please note that in some cases publication of requests and responses will be delayed.
If you find this service useful as an FOI officer, please ask your web manager to link to us from your organisation's FOI page.
-------------------------------------------------------------------



