January is the month for new year resolutions and businesses are no different.
Instead of losing weight and getting fit, organisations are more likely to be looking at gaining market share and introducing business processes and technology for greater efficiencies and agility.
If you have identified the UK public sector as a potential new market for your services then you will doubtless have come across ‘G-Cloud’ and the Government’s Digital Marketplace.
We don’t want you joining the majority of people who will have ditched their resolutions by now so we’re here to help on all fronts. If your eyes ‘clouded-over’ at the mere hint of government procurement then stay with us while we demystify it and demonstrate how to win on G-Cloud.
What is G-Cloud?
G-Cloud is a Government initiative for easing the procurement process for Government departments who want to use cloud technology. It consists of a series of framework agreements with suppliers, from which public sector organisations, and arm’s length bodies, can buy from without going through the full tender process.
The government recognised that there were many smaller, more agile and more competitive organisations out there who were put off supplying the public sector due to the protracted procurement process that they had neither the time nor resource to attempt.
The G-Cloud initiative aims to make it easier for SME’s to sell to Government by removing that barrier.
Now, actually, the term ‘cloud’ is a little nebulous. The G-Cloud frameworks cover services which fit into one of four categories, or ‘lots’:
- Lot 1 – Infrastructure as a Service (IaaS), eg content delivery networks or hosting
- Lot 2 – Platform as a Service (PaaS) eg platforms that provide a basis for building other services and applications
- Lot 3 – Software as a Service (SaaS), eg accounting tools or customer service management software
- Lot 4 – Specialist Cloud Services, eg IT health checks or data migrations
Two iterations of G-Cloud are ‘live’ at any one time, currently G6 & G7. G7 services went live on 23 November 2015 and figures available on Digital Marketplace show that the public sector now has access to 709 new suppliers on the new framework, 95% of these are SMEs. There were 516 for G6, 89% of those were SMEs.
The total number of suppliers on the G-Cloud framework (G6 and G7) is 2,566 (89% SMEs) and the public sector now has access to 22,080 services. (They acknowledge this number may change when they remove duplicate services).
Government hot air? Or is G-Cloud worthwhile for SME’s?
Government stats (Nov 2015) reported £903,850,836 total to date (ex VAT) of reported G-Cloud sales. 51% of total sales by value and 61% by volume, from all reported G-Cloud sales to date, have been awarded to SMEs.
76% of total sales by value were through Central Government; 24% through the Wider Public Sector.
Compelling figures – who wouldn’t want a slice? And there is every reason to believe it will grow. Research by The Cloud Industry Forum shows a steady increase in public sector use of cloud services over the last five years with 78% saying they had cloud services in use in 2015.
HMRC also added commodity cloud services to its “Contracted-Out Services guidance” list meaning that Government departments and NHS bodies can now claim back the 20% VAT charged on Cloud services, effective 12th October 2015.
So, if you want to increase sales of your IT cloud services, and see the public sector as a potential new market, then G-Cloud certainly hits the spot.
How to attract buyers on G-Cloud
Sorry but the bad news is that simply being listed on the Digital Marketplace does not necessarily bring you sales!
The arrival of G6 bought a significant change. There is now no ‘accreditation’ of services. Instead, the seller is required to make a security ‘assertion’. There are five levels of assertion and the onus, therefore, now falls on the buyer to assess whether the level of security assertion meets their requirement.
This means that faced with a list of suppliers selling similar services, a buyer can differentiate by the suppliers level of security assertion. It stands to reason that the higher the level of assertion, the greater the buyer’s confidence and the fewer checks they will have to make prior to contracting a service.
Service provider assertion is the lowest level whilst the next two levels up require independent evaluation and testing.
Whilst it’s not compulsory to have ISO 27001:2013, we know from our own experience, holding the accreditation made addressing the information security requirements simpler. It also satisfies the independent evaluation requirement and reassures the buyer regarding the depth of your (ISMS). As the onus now sits squarely with the buyer to authenticate the credentials of the independent evaluator, ISO 27001 accreditation provides assurance that further authentication will not be necessary
Alliantist has been supplying the public sector for several years. Our commitment to this led us to implement ISO 27001 back in 2012. In 2013, we became the first organisation in the world to be awarded, the earlier, pan-government accreditation for IL3 RESTRICTED information sharing for our cloud collaboration solution. We then went on to achieve PSN Accreditation and to enable provision over that secure government network, alongside existing access over the PNN, GSI and GCSX.
Today, we continue to be one of the very few SME’s with PSN accreditation.
As an SME, we’re really not sure we could have managed ISO 27001, let alone all our other compliance requirements, without our system. Certainly not without significant stress and additional resource.
ISMS.Online improved our business processes whilst significantly reducing the man hours needed to manage a comprehensive ISMS.
Now, we are proud to demonstrate our system and give visibility to anyone looking to procure our services. In seeing exactly how we handle our complete information security management system, through ISMS.Online, they never fail to be impressed.