The Crown Commercial Service (CCS) stands accused of “paying lip service” to smaller suppliers after embarking on a revamp of the “underused” Cloud Compute Framework to make it more accessible to SMEs.
The government’s procurement arm is inviting submissions from prospective suppliers for the £1.35bn Cloud Compute 2 framework until 21 August 2023, but Computer Weekly has received numerous complaints from concerned SMEs about the framework since its tender documents were published online last month.
According to the suppliers Computer Weekly has spoken to, many on condition of anonymity, the tweaks CCS has introduced to make the framework more SME-friendly fail to go far enough, with the complainants claiming the barriers to entry to the framework are too high for smaller suppliers.
For instance, suppliers have taken issue with the “onerous” vetting procedures CCS has in place to assess the financial health of prospective participants. And they are also unhappy about the fact CCS is limiting the number of available slots on the framework for SMEs, while there is no cap on the number of spots available to the larger, hyperscale cloud providers.
“The level of financial scrutiny, not to mention the administrative burden tied into that, is going to exclude the vast majority of SMEs and put them off applying anyway,” said a supplier source, who works for an SME cloud service provider.
“And when you look at the [tender requirements], it’s almost as if the hyperscalers have been guiding CCS’s hand when they’ve been writing down the requirements to this. They say they want to open it up to SMEs, but when you look at the fine print, they’re paying lip service to competition. Nothing more.”
However, a source within CCS told Computer Weekly that any suggestion that the framework is anti-SME should be considered wide of the mark.
“CCS has a clear and driven focus on making it easier for businesses to bid for work. We understand how important it is to have a diverse range of suppliers working with the public sector,” the source said.
“SMEs continue to be a key component of the commercial agreements we create. This new agreement [Cloud Compute 2] supports the government’s SME agenda.”
Following the first
The first iteration of the Cloud Compute framework is due to expire in May 2024. It was initially pitched as an alternative procurement route for public sector buyers with large-scale cloud projects that had previously been pushed through the more SME-focused G-Cloud framework.
Seven of the nine suppliers listed on the single Lot Cloud Compute 1 framework are US-based hyperscalers, including Amazon Web Services (AWS), Google, Microsoft, IBM and Oracle, with UK-based Fordway and UKFast rounding out the rest of the list.
The second iteration of the Framework, meanwhile, has seen the number of Lots expanded by three to allow for the inclusion of two separate Lots that are specifically targeted at SMEs.
“It’ll be interesting to see what happens with the Cloud Compute framework this time around because there were a couple of local providers on it last time, but I don’t think they won any significant business through it, as the direction of travel for government IT spending seems to be towards Amazon Web Services [AWS] and Microsoft Azure,” Rob Anderson, research director at IT market watcher GlobalData Technology, told Computer Weekly.
Proof of that can be seen in the G-Cloud contract data published by CCS through its Digital Marketplace portal, which confirms AWS as being that framework’s top supplier in terms of the amount of IT spend it has accrued from public sector organisations.
The data shows that AWS has secured a total of £661.25m in public sector cloud spend to date, with the majority of that business coming its way in the wake of opening its UK datacentre region in late 2016.
According to the Digital Marketplace figures, AWS had secured a total of £4.5m in public sector cloud spend during its time on the framework up to the 2016/2017 financial year, but – in the year after its UK datacentre region opened – this figure shot up to £21.3m and has continued to rise ever since.
Microsoft’s figures follow a very similar trend, with the Digital Marketplace data confirming – by the time of the 2016/2017 financial year – that it had secured a total of £7.1m in public sector cloud spend through the framework. And, in the year following its UK datacentre opening, this figure had risen to £20.4m.
Some of the deal sizes AWS, in particular, has secured through G-Cloud have raised eyebrows among the supplier community, and this is one of the reasons why CCS created the Cloud Compute framework in the first place, it is claimed.
“The reason the Cloud Compute framework exists is because large central government departments were doing substantially sized, direct award deals through G-Cloud, which was considered a misuse of what G-Cloud was originally intended for,” a source with close working knowledge of government procurement frameworks told Computer Weekly on condition of anonymity.
“A prime example is the £120m deal the Home Office struck with AWS, which was done under direct award through G-Cloud.”
Despite the framework being specifically created to funnel high-value cloud contracts through, this source claims Cloud Compute 1 has generated very few deals since it went live in May 2021.
“It is no secret that Cloud Compute 1 was a complete disaster for CCS. It is impossible to use and no-one wanted to use it,” the source continued.
When Computer Weekly asked CCS about the number and value of deals that have been transacted through the Cloud Compute 1 framework to date, a spokesperson said it does not “hold details” of contracts signed via this procurement route.
“Public information is available direct from departments on their spends and also through Contracts Finder,” the spokesperson said.
There is only one deal (valued at £750,000) that overtly references the Cloud Compute 1 framework on the government’s Contracts Finder portal, which involved the provision of Oracle cloud services to the Department for Work and Pensions (DWP) for a proof of concept research project.
Another source, working for a public sector analyst firm that tracks government IT spend, confirmed the above contract is the only call-off that maps back to Cloud Compute 1 in its database, and similarly described it as a “significantly underused framework”.
This is one of the reasons why sources claim the government has made moves to open up the second iteration of the framework to SMEs, with CCS describing version two as “expanding on the benefits” of Cloud Compute 1.
“Lessons learnt from [the framework’s first iteration] and feedback we have received during pre-market engagement tells us that SMEs are well positioned to play a critical role in supplying Lot Two (value-added services) and Lot Three (professional services),” said CCS, in a supplier and buyer frequently asked questions document, published online.
The “value-added services” Lot is aimed at companies that want to resell the services of the hyperscale cloud providers that secure spots on Lot 1. Lot 3, meanwhile, is for SMEs that provide professional services – such as cloud-related consultancy, training and auditing – to the public sector on a short-term basis.
The framework’s fourth and final “Cloud Secure+” Lot, meanwhile, is aimed at public sector users – namely those in the defence and law enforcement sectors – that need a cloud computing environment capable of processing and storing data with a security classification of UK Secret.
The decision to open the framework up to SME resellers and consultancies makes sense, said Danny Quinn, managing director of Glasgow-based datacentre services provider DataVita, in a post on the professional social networking site LinkedIn.
“Many smaller public sector entities are not structured to deal directly with these large [hyperscale cloud] providers,” he said.
He also used the post to air concerns that Computer Weekly has heard other members of the SME cloud community echo in recent weeks about how the barriers to entry onto Cloud Compute 2 may prove too high for many smaller suppliers.
He used the LinkedIn post to draw specific attention to the fact CCS wants potential suppliers to provide a signed customer reference with a contract value of more than £20m as part of their framework application, which might prove difficult for many SMEs to do.
“While I understand the importance of financial due diligence in such frameworks, it seems this requirement primarily excludes a considerable number of organisations from bidding and disproportionately benefits larger US tech companies,” he wrote in the post. “In my view, this type of restriction stifles competition and puts other providers at a disadvantage, undermining a fair and level playing field.”
According to CCS sources, the £20m customer reference is considered an optional extra that potential bidders can provide if they are able to, but it is not mandatory.
“No SME (or any other bidder) will be excluded from being able to participate if they are unable to provide this information,” the source added.
Anti-SME financial compliance checks
Computer Weekly has also heard concerns raised by other sources within the SME cloud community about the “onerous” and “daunting” vetting procedures that CCS will be implementing to assess the financial health of prospective Cloud Compute 2 providers.
Under the Bronze, Silver and Gold system the Cabinet Office uses to classify how important government contracts are, Cloud Compute 2 is categorised as Gold overall, which means it is a top-tier framework in terms of complexity and criticality.
“Gold contracts are typically larger, longer contracts for complex or critical works and services,” as stated in the government’s Assessing and monitoring the economic and financial standing of bidders and suppliers June 2023 guidance note.
Lots One and Four on the framework are classified as being Gold, whereas Lots Two and Three are categorised as being Silver and Bronze, respectively.
Suppliers wishing to make it onto Lots One and Four will be subject to a “very detailed financial assessment” to “assess the bidders’ financial capacity to perform the contract” and to prevent “financially challenged suppliers” being appointed to government frameworks, according to the government’s guidance note.
Suppliers vying for a place on Lots Two and Three will be subject to less onerous financial checks, because contracts awarded through these Lots typically tend to be shorter in length and cover work that is considered to be important, but non-critical.
Even so, a source with close working knowledge of the framework said that, while Lot Two and Three providers will be subject to a more basic level of financial assessment, the process involved will be very time- and resource-consuming for the average SME.
“It will be a hellish process for the big providers, let alone SMEs,” said the source. “The financial risk assessment template that all bidders will need to complete is going to be very daunting for SMEs.”
Constraining the market
Another element of the framework that suppliers have taken issue with is the fact CCS is limiting the number of suppliers who can participate in Lots Two and Three, but it has imposed no limits on the number of hyperscalers who can participate in Lots One and Four.
There are spaces for 30 providers on Lot Two, whereas the number who can participate in Lot Three is limited to 60.
Owen Sayers, a data protection lawyer with more than 20 years’ experience of working on public sector IT contracts, is among those baffled by the decision to impose limits on the Lots that appear to provide the most opportunity for SMEs to participate in this framework.
“While HM government will allow anyone who meets the basic quality requirements on to Lot One and Lot Four, the market is very constrained in Lot Two and Lot Three, which is arguably where the UK has the greatest mass [of SMEs],” Sayers told Computer Weekly.
And while SMEs are not explicitly banned from applying for a place on Lot One or Lot Four, the likelihood of a smaller supplier succeeding on that front is low, Sayers continued.
“To be in Lot One, you must operate your own cloud platform at Official or Official-Secret, and there are not many of those [types of SMEs] around now. To be in Lot Four, the same is true but at Secret [level], and they are even rarer,” he said. “How do SMEs get a slice of any of…