Collaboration platform (Microsoft Teams) policy

Purpose

In unprecedented times, a need for a safe, reliable, interoperable, cost-effective and standardised solution to collaborate across the government is necessary.This policy states the Queensland Government will adopt the use of Microsoft Teams (MS Teams) for collaboration within and across the Queensland public service. It takes advantage of the current Queensland Government and Microsoft GITC/QITC and other contractual arrangements including:

• Microsoft Products (including Online Services) (ICTSS.1305)
• Provision of Microsoft Products and Associated Licensing Solution Partner Services (ICTSS.1308).

The choice of tools for collaboration and communication with external users, for example engagement with the public as part of service delivery, is outside the scope of this policy. However, this does not explicitly exclude MS Teams as an option for this.

The policy is supported by guidance on the configuration required to ensure the MS Teams interoperability across departments. This policy should be read by Queensland Government O365 administrators and security staff.

Policy statement

The Queensland Government will use MS Teams under the current contractual arrangements for inter and intra departmental communication and collaboration.

Policy benefits

This policy will:

• provide a consistent and interoperable way for Queensland Government to collaborate within and across departments
• realize savings through leveraging existing whole-of-government procurement arrangements and licences already in place by Queensland Government agencies
• provide an understanding on the comparative risks associated with using MS Teams under the current contractual conditions.

Applicability

This policy applies to all Queensland Government departments (as defined by the Public Sector Act 2022). Accountable officers (not already in scope of the Public Sector Act 2022) and statutory bodies under the Financial and Performance Management Standard 2019 must have regard to this policy in the context of internal controls, financial information management systems and risk management. Please see the Applicability of the QGEA for further information.

The contractual arrangements are available for all core government departments and it is expected that departments take advantage of these existing contractual arrangements. For other Queensland Government bodies who have existing Microsoft arrangements in place, it is expected that those bodies also use this platform.

The contractual arrangements are available for all budget funded agencies and all eligible entities described in ICTSS.1305. Those Queensland Government bodies who have no Microsoft arrangement in place, but are interested in doing so, please contact ICTStrategicSourcing@qld.gov.au.

Policy requirements

Policy requirement 1: Departments must use MS Teams as the primary platform for intra and inter departmental collaboration

All core departments are contractually covered to operate Microsoft O365 Teams under the following arrangements:

• Microsoft Products (including Online Services) (ICTSS.1305)
• Provision of Microsoft Products and Associated Licensing Solution Partner Services (ICTSS.1308)
• Microsoft licences already in place by Queensland government agencies

It is expected that departments use the core functionality of MS Teams as the primary platform for all intra and inter departmental collaboration, including instant messaging, ad-hoc voice/video calls and audio/video meetings, and other associated online services.

This policy requires the enablement of MS Teams within a departments tenant combined with the installation of the appropriate MS Teams client on the departments managed devices.

For best configuration guidelines and practices for the implementation of MS Teams federation, departments should contact qgea@qld.gov.au.

Advice

Comparative risk analysis security and privacy concerns

As with all technology investments there are risks associated with using MS Teams. Considerations specifically around security, privacy and that the data is being stored offshore should be understood. The current GITC agreement with Microsoft covers the online services and was created at the time all services were not on shore. Additional clauses referring to section 33 of the Information Privacy Act 2009 (Qld), and parts 1 and 3 of Chapter 2 of that Act, and the Australian Privacy Principles as set out in the Privacy Act (1988) (Cth) have been contractually agreed with Microsoft.

The comparative risk of using MS Teams with the existing contractual protections has been factored into the development of this policy.

Use of MS Teams for sensitive information

Information security classification should still be central to decisions to how products such as MS Teams should be used. For example, MS Teams may not be deemed an appropriate channel to discuss highly sensitive information due to high confidentiality business impacts. As per the Queensland Government Information Security Classification Framework (QGISCF), information that has been assessed as having a high business impact level to confidentiality (C), integrity (I) or availability (A) may only be stored or processed offshore where the department:

• has undertaken a risk assessment related to the C, I and A business impacts
• accountable officer or delegate has documented acceptance of the offshore information risk assessment.

Cost implications

MS Teams is included as part of the whole-of-government Office 365 arrangement and as such has no additional licensing cost for departments to implement. MS Teams is included in Office E1, E3, E5 and EDU subscriptions.

Configuration troubleshooting

See the Collaboration platform (Microsoft Teams) guideline for advice on how to configure and get started with MS Teams, including how to troubleshoot common implementation issues.

Use of alternative collaboration tools

It is acknowledged that some departments may have already invested in collaboration tools or are using existing tools such as Skype.As MS Teams is freely available under a contract it is expected that departments move away from other tools when operationally convenient, unless there is a documented risk assessment signed off by the accountable officer.

While maintaining any existing collaboration solution, efforts are to be made to enable interoperability with MS Teams as the preferred government platform.

If a department does not adhere to this policy, they must apply for a QGEA exception.

There may frequently be the need to use alternative third-party products to host or participate in Video Conference meetings organised by other parties (Zoom, WebEX, GoToMeeting). When an agency is required to use an alternative collaboration platform, either as a host or attendee, agencies need to ensure appropriate risk and privacy assessment is performed.

For additional advice and support on conducting this assessment process, and recommended security best practice configurations please refer to the alternative collaboration platforms guideline .

Use of alternative collaboration tools with sensitive information

With regards to the usage of the alternative collaboration for the conducting of Queensland Government business or deliver of Queensland Government services QGCDG advice is as follows:

• For video conferencing or teleconferencing meetings classified as Official: QGCDG advice is NOT RECOMMENDED
• For video conferencing or teleconferencing meetings classified as Sensitive or above: QGCDG advice is DO NOT USE

Issue and review

Issue date: May 2020
Next review date: May 2021

This QGEA policy is published within the QGEA and is administered by the Queensland Government Customer and Digital Group. It was developed by the Queensland Government Customer and Digital Group and approved by the Queensland Government Chief Customer and Digital Officer.

Implementation

This policy comes into effect from the issue date.