Ontario BPS Procurement Directive: 2024 Revisions Explained

The Ontario Broader Public Sector (BPS) Procurement Directive sets the rules of the road for how publicly funded organizations in Ontario buy goods, services, and construction. The January 2024 revision tightened several existing requirements and introduced new ones around vendor access, segregation of duties, and conflict-of-interest documentation. This guide walks through the substantive changes, who they apply to, and what operational adjustments procurement teams need to make.

Who the BPS Directive covers

The Directive applies to BPS organizations as defined by the Broader Public Sector Accountability Act. The core list includes:

• Public hospitals and Local Health Integration Networks
• School boards and publicly funded colleges and universities
• Children's aid societies
• Community care access corporations
• Publicly funded social and community service agencies that meet the funding thresholds

Municipalities are governed by their own procurement bylaws, not the BPS Directive directly. However, many municipalities and Ontario Hydro distributors voluntarily align with the BPS Directive as a baseline because it is the most-documented procurement framework in the province.

What was already in place before 2024

The pre-2024 Directive already required:

• Open and fair competition for procurements above defined thresholds
• A documented procurement policy approved by the organization's board
• Use of mandatory templates for higher-value procurements
• Vendor of record arrangements with documented selection criteria
• Conflict-of-interest declarations from evaluators
• Retention of procurement records for a minimum of seven years

The 2024 revisions did not replace this framework. They reinforced specific requirements and added new ones in three areas.

What changed in January 2024

1. Stronger segregation of duties

The revised Directive is more explicit about separating the roles involved in a procurement: the requisitioner who identifies the need, the evaluator who scores responses, the approver who authorizes the award, and the payment processor who releases funds. The same individual cannot occupy more than one of these roles for a single procurement above the documented threshold.

For small procurement teams this is a practical challenge. The solution is structural rather than headcount: separate user roles and approval workflows in the procurement system, documented sign-off at each step, and an audit trail showing who did what.

2. Transparent vendor access

The Directive now puts more weight on transparent and equitable access for vendors. In practice this means:

• Procurement notices for above-threshold opportunities must be published on a single, broadly accessible platform — typically MERX or the organization's own portal — not distributed to a closed list.
• Vendor of record refresh cycles must be documented and predictable.
• Reasons for declining a vendor application must be recorded and available to the vendor on request.
• The qualification criteria a vendor must meet to be considered must be published in advance, not formulated mid-evaluation.

This is where supplier qualification platforms become directly relevant. A documented supplier database, accessible to vendors and showing the qualification status of each, supports the transparency requirement by construction.

3. Documented compliance across the supplier lifecycle

The revised Directive emphasizes that compliance is continuous rather than one-time. Initial qualification of a supplier is not enough; the organization must be able to demonstrate that the supplier remains qualified throughout the contract term. For practical purposes this means:

• Insurance certificates and WSIB clearances on file and current for active suppliers
• Documented evidence of vendor performance review at defined intervals
• Conflict-of-interest declarations refreshed periodically, not only at first qualification
• Re-qualification triggers when a supplier's circumstances change materially (ownership, financial standing, key personnel)

Cyber-security expectations for BPS vendors

Parallel to the Directive itself, Ontario regulators have been raising the cyber-security bar for vendors providing services to public sector entities. Hospitals are subject to OEB and ministry guidance on third-party cyber risk; school boards face similar pressure. The Directive does not yet impose a single mandated standard, but procurement teams are increasingly expected to:

• Collect documented cyber-security posture statements from vendors handling sensitive data
• Verify that vendors meet defined controls (typically aligned with NIST CSF, ISO 27001, or sector-specific frameworks)
• Update cyber-risk assessments when vendors change platforms or sub-processors

This is one of the fastest-moving areas of BPS compliance. Expect formalization in future Directive revisions.

The intersection with Bill S-211, Buy Ontario Act, and Bill 72

The 2024 BPS Directive sits inside a broader compliance stack that BPS organizations have to manage simultaneously:

• Bill S-211 (federal) — annual forced labour and child labour report covering supply chains. See our guide.
• Buy Ontario Act — preference for Ontario-made goods and services in qualifying procurements.
• Bill 72 — strengthened supply chain transparency requirements.
• Bill 40 — procurement reform legislation affecting documentation of purchasing processes.

The practical implication: the same supplier file must serve multiple regulatory regimes. A platform that stores insurance, WSIB, S-211 attestation, origin data, and conflict-of-interest declarations against a single supplier profile turns the regulatory stack from four separate workflows into one.

What operational changes BPS teams need to make

For organizations already running a mature procurement function, the 2024 Directive is more about formalization than reinvention. The practical to-do list:

Audit role separation. Walk through three recent procurements. Confirm that requisition, evaluation, approval, and payment were each performed by different individuals. Document the audit trail. Where roles are blurred, redesign the workflow or add a documented secondary reviewer.

Publish qualification criteria up front. Review the criteria your organization uses to qualify suppliers. Publish them on your vendor portal. Update vendor decline letters to reference the published criteria.

Build a continuous-qualification view. Run a one-time report showing every active supplier's current status: insurance valid, WSIB current, declarations on file, performance reviewed within the last cycle. Use this to identify the gap that continuous qualification has to close.

Document the cyber-risk posture. For vendors handling sensitive data, capture and store their cyber-security attestations. Plan for renewal at a defined cadence.

Where QCsolver fits

QCsolver was built specifically for Canadian BPS procurement requirements. The platform separates user roles for segregation of duties, publishes vendor qualification criteria, maintains continuous supplier qualification with renewal alerts, and stores documentation across all the regulatory regimes that BPS teams have to satisfy in parallel. For Ontario hospitals, Hydro distributors, universities, and municipalities, the workflow turns Directive compliance from a documentation scramble into an operational baseline.