The Crown Commercial Service (CCS), the agency responsible for government commercial and procurement activity, presides over a sprawling range of frameworks that function as matchmaking platforms for public sector IT buyers, and sellers.
G-Cloud, now in its eleventh iteration, is arguably the best known of these, and widely regarded as a success story for having hugely broadened the pool of IT products and services providers available to government departments.
But is it about to get the chop? Despite market rumours, this isn’t the case, says CCS’s technology director, Niall Quinn, but it is facing some changes.
He talked us through the proposed launch early next year of a new hyperscale cloud framework, and a refreshed accreditation process with the NCSC for cybersecurity providers, after the failure of earlier security framework iterations.
There’s a lot of frameworks out there. Is it clear to buyers where to go?
Yes, there are. It’s a confused marketplace. And sometimes we don’t help ourselves or we’re not easy to do business with. You shouldn’t need detailed knowledge of frameworks in order to be able to buy from CCS.
We’re about to launch a new network services framework, which will be LANs, WANs, mobile, unified communications; everything you need to buy in that space. (We did some serious market engagement for that.)
Obviously have some software frameworks as well as you’d imagine; data and application software which is very much focused on ERP, SaaS space. And then we’re about to relaunch a cyber framework as well; some stuff around innovation – the Spark framework and then some stuff around smart cities as well.
There’s lot of stuff out there. But the whole ethos of the technology group inside CCS is to make ourselves easier to do business with.
The success of G-Cloud and why we do it every year is that innovation is getting faster and faster: new suppliers, new products, new services, new pricing all the time. We have to be in a position where we understand all the government imperatives around RPA, artificial intelligence, machine learning, quantum computing, etc.
What’s the future for G-Cloud?
Across all the major departments and across the wider public sector, people are going to G-Cloud: we have to be very supportive and protective of that brand equity.
It is popular with both buyers and suppliers. Suppliers love it because it’s got easy registration: you can register in 20 minutes. It gives them access to a very large spend, and a badge of credibility.
Buyers love it because it’s online, it’s fast, and you can search for what you want: also a big thing is that when people apply to G-Cloud they have to put their prices in, so it’s a sort of self-levelling marketplace.[But] as the markets evolve, we need to think about, ‘OK, so how can we best help people evolve as well and what’s the most appropriate thing?’ So we’re taking part of the services of G-Cloud and putting them into a much more appropriate framework…
How will this new framework be “appropriate”?
More appropriate in terms of terms and conditions for cloud, because cloud has slightly different T&Cs than standard hardware and software product; and more appropriate in terms of length of term.
G-Cloud was great: it had a term of two years and it was great because when it came out it made people re-compete for work all the time, which broke the hegemony of the big system integrators.
However, if you’re done a big digital transformation and you’re putting your books and records into the cloud, you don’t want to compete every two years. You’ve made a decision, so maybe the term should be five years, basically for certain, for certain types of storage. There’s no point in re-competing all the time; re-competing has a cost associated with it, and moving has a cost associated with it.
We probably also need to do some work around the normalisation of pricing if we can.
Market engagement will help us answer these questions…
In what sense do you need to normalise pricing?
Different cloud providers offer different things in terms of inside or outside their pricing: it’s not always apparent what is included, what’s excluded. There are different pricing models like spot buying, and predefined instances on AWS.[This is a chance to] explain that to people and normalise the pricing – and also use it as an education vehicle as well. We need to build in our lessons learned and experiences so far.
So in that respect this is sort of cloud 2.0, basically. We’ve been on this journey for five years now. What are we learned? What’s good? What’s bad?
This is all about helping buyers make conscious decisions over the choices they make; how they can get better flexibility moving between providers; all those type of things.
When’s this shift happening?
We expect this to happen early next year at this stage. We’ve got a number of intermediate steps to take along the way; we’re talking to the big cloud providers already. It’s a big thing for folks.
But some of the big departments have a lot of really good people, both commercially and in technology: we need to take lessons learned, document them, and let other people read the playbook to say ‘yeah, I see the risks and charges and issues here’.
You’ve got a lot of SMEs now on G-Cloud. We’ve heard some criticisms about useability. What are your thoughts?
The amount of spend on SMEs has increased year-on-year, and actually at a very high rate. The challenge, of course, though, is it’s not a guarantee of getting work with government: you still have to work for it and you need to look good.
If you haven’t won a business object for a couple of years, then you need to look at your service descriptions, your pricing and how you articulate your product; think about what keyword searches people are going to do and then also make sure that your pricing is transparent as well, so that if you’re providing services, it’s a day rate or whatever it will be, that people can easily work out how much it would cost.
We’re always trying to respond to feedback though.
So Tech Products 3 (which will actually be called Tech Products and Services), which will go live later on this year will reflect a need from the supplier side for some changes and indeed from the buyer side that we focus on services, not just commodity items.
So they’ll be reflected in that and that will make it – in theory! – a much more useful vehicle for them to do acquire goods from.The whole point is get into that feedback loop. We would love to be able harness data around failed searches that happened inside G-Cloud, because the actual digital market platform is a bit creaking at this stage.
We would love to harvest a lot more data, even on DOS; add a button for suppliers to explain why they didn’t bid for an opportunity, or why did people give up halfway through. We have a long list of things we would like in terms of enhancements!
Enhanced search capability; further competition on G-Cloud: we’d like further competition modules so say, five come up and you can run a further competition online. DOS: simple things like the text box be larger for the answer?
So there are a number of cosmetic things and simple things that there’s a number of quite fundamental things and always make it a better experience for people, but also better enable us to publish more information that would keep you know, these are this is the winning bid and this is why they want it.
The Cyber Security Services Framework hasn’t been popular… What are you doing about that?
The Cyber Security Services 2 framework wasn’t used at all! The thing is you can buy cyber stuff in lots of places. So we’ve spent a lot of time with the NCSC speaking about what we can do going forward.
NCSC would rightly like to assure cyber-suppliers, give a test, make sure the selling is correct and useful and there’s substance behind it.
But the assurance process in the past was either too slow or too expensive or wasn’t publicised enough, so this time around we’ve tried to make it faster, better, cheaper, but also publicised the benefits of being cyber-assured.
In cybersecurity especially, you’ve got a lot of really new suppliers coming at the marketplace all the time. And the limitations of a framework is, yes, it’s a preferred supplier list, but you can’t add new suppliers for the period of the framework life, which two years.
So Cyberecurity Three, which there’s a groundswell for, would have a DPS (dynamic purchasing system) on the front of it that allows you to add suppliers through the lifetime. It will be a much more flexible and better defined framework as well: divided into people, products and services. Products will be hardware and software subdivided…
The noise level was ‘I’ve gone through this process, I’ve paid this money and I’m getting no business’ and that’s a valid complaint as we didn’t promote it enough. It should now be a slicker, better experience and worthwhile people getting accredited. That should launch in October. NCSC say they’ll be much more organised around it. Accreditation is a vital step. But it has to be worth it for suppliers.