refer to the ITO documents

Question:
Can we please get a copy of Module 3 please as part of the commercial review.

Answered on 14/Oct/2025 04:59 AM:


Module 3 - Software as a service is the template to be used for any final negotiations with shortlisted suppliers.

This is the document provided after evaluations. The MO3 provided after evaluations and to shortlisted suppliers may include any Queensland Health updates and provisions required under this ITO. Refer to section 1.8 (part 8) of the ITO document for further details about documents provided to shortlisted suppliers.

For information about Module 3 please refer to the below to QITC.

https://www.publications.qld.gov.au/dataset/qitc-framework

Question:
1) Will all users who need to login have a department user account, or are there external users?

2) Are all users who will access read-only SDS department users, or are there external users?

Answered on 22/Oct/2025 05:00 AM:


1. All QH users that require a login will be assigned a when required, there may be external users, however not confirmed, will be confirmed at negotiation phase

2. As per above

Also refer to the requirements specification at schedule D, and the ITO document

Question:
I just wanted to confirm regarding the ISO 27001 requirement — is the tender seeking organisations with official ISO 27001 certification, or would an Information Security Management System (ISMS) that has been implemented in alignment with the ISO 27001 standard with plans of being audited and certified in the near future also acceptable?

Answered on 22/Oct/2025 05:06 AM:


An information Security Management System aligned to ISO 27001 certification would be acceptable

Question:
There is limited information on the existing system or existing data that could be used to inform scope or price for migration and integration. What is expected in the pricing table and high-level schedule for these items?

Please confirm that this is the only information provided on these topics:

Data migration

NFR-MIG-01 The solution will have the ability to extract data from the current system, including but not limited to Products, Safety Data Sheets (SDS), Risk assessments, locations, and users

NFR-MIG-02 The solution will include functionality for loading the extracted data from the current system into the new system efficiently and accurately - make this more clear

Integration The solution will seamlessly integrate with the Customer network and system landscape, ensuring compatibility with existing and future infrastructure and services.

NFR-INTEG-001 The supplier will provide information on the standards or format of data exchanged (e.g. HL7, CDA, FHIR, XML, JSON, CSV)

NFR-INTEG-002 The supplier will provide information on the transfer protocols used for data exchange (e.g. HTTPS, SFTP, SOAP, REST, proprietary ODBC)

NFR-INTEG-003 The solution will integrate with Customer mail exchange to send emails from a set Queensland Health email address, ie @health.qld.gov.au)

NFR-INTEG-004 The solution will provide direct access to the back end raw data, including all entered data, audit data, reference tables, schemas, field types and lengths to allow the Customer to develop a data warehouse in SQL for the purpose of generating analytics and management reports.

NFR-INTEG-005 The solution will integrate with various analytics platforms, data warehouses and reporting tools.

NFR-INTEG-006 The solution will enable integration via APIs.

NFR-INTEG-007 The solution will publish APIs for all significant functions and provide comprehensive documentation for their use.

NFR-INTEG-008 The solution will support data transfer (in and out) operations which can be scheduled and triggered by an event.

NFR-INTEG-009 The solution will support import and export of data via standard file transfer protocols using ad hoc, scheduled and event-based triggers.

NFR-INTEG-010 The solution will support near real-time data feeds.

NFR-INTEG-011 The solution will allow third-parties to test interfaces (endpoints) with the solution.

NFR-INTEG-012 The solution will be reporting tool agnostic.

NFR-INTEG-013 The solution will have the ability to have inbuilt, flexible data linkage capability to ensure integration of data.

Answered on 22/Oct/2025 05:14 AM:


No information has been provided about the existing system, refer to the requirements spreadsheet for information about data migration. If specific questions relating to data migration need further clarification, questions can be submitted by Monday 27 October - COB

Regarding the pricing in TAB 4 of the requirements spreadsheet, extra lines can be added to detail costs associated with any components not detailed in the draft document/spreadsheet.

Refer to the Schedule D - requirements

Question:
1. Item 7 of the Invitation to Offer - Important Information for Suppliers.

- Do we just include these schedules without any information/entries? Instructions on both documents states that declaration assumes that Customer and Supplier have entered into a contract.

2. QITC Schedule 3 - refer to the list of subcontractors in 2.8 of the ECMS-QITC invitation to offer. Is there an alternative to this?

Answered on 27/Oct/2025 05:05 AM:


The Supplier (offer) should include the following documents: Item 7 of the ITO

• Supplier response to Schedule A (suppliers Response)- is the ITO document - includes A and B (B i optional - refer to the ITO)

• Supplier response to Schedule B (innovation – optional – included in Schedule A document) - Refer to the ITO document

• Supplier response to Schedule D (in excel) – includes business and technical requirements, mandatory requirements, pricing and rate card. (Must be completed)

• Supplier responses to attachments:

o Attachment 1 - local benefit test

o Attachment 2 - social procurement

o Attachment 3 - sustainability and workplace practices

o Attachment 4 – small to medium enterprise participation

• Supplier response to the QITC Comprehensive Contract Details (in word and draft) completed where possible by suppliers

• Attachments can be included however these should be limited and only where information cannot be provided in the text boxes in schedule A - such as diagrams

• Insurance Certificates of Currency (mandatory to provide)

• Statutory declaration by subcontractor (QITC Schedule 3)

• Deed of confidentiality, privacy and conflict of interest (QITC Schedule 4)


QITC schedule 3 - if there are any subcontractors -this schedule 3 must be completed and completed at 2.8 of the ITO - there is no alternative

Question:
We have declared our subscontractors like AWS, Google Workspace and Atlassian at 2.8 of the ITO. What documents can we submit in lieu of the staturory declaration?

Answered on 28/Oct/2025 04:58 AM:


There is no need at this point to submit any stat dec's as long as you have declared subcontractors in 2.8 of the ITO