A new era in public sector IT procurement began today in the UK with the official launch of the Digital Marketplace, an online storefront of commodity IT and services for use by government organizations.
The marketplace replaces the CloudStore at the heart of the government’s G-Cloud program and will also embrace the second iteration for the Digital Services framework when it launches next year.
We are developing a whole new of way of buying digital. Modern services need to be continually iterated and improved to meet users’ needs. And we need a platform that allows us to flexibly commission what we need to deliver those services, drive down cost and drive up value.
The Digital Marketplace demonstrates that we can build a service that meets these needs and allows government to work with a wide range of innovative suppliers of all sizes.
Separately the government’s Crown Commercial Service today published the tender documents for the sixth iteration of the framework, flagging up the prospect of supplier and service list refreshers coming every 2-3 months.
The tender states:
The G-Cloud framework catalogue, known as the Digital Marketplace, will require frequent procurement refreshes to bring on new suppliers and services. Refreshes are being considered at a varying frequency of 3-12 months depending on demand and/or availability of new services as the IT Cloud (sic) market develops.
The closing date for submissions to be part of the next framework is 17 December. Suppliers on previous iterations of the framework are not automatically pre-loaded into the Digital Marketplace and should resubmit their services.
Homework for the marking of
G-Cloud 6 also sees a shift away from government-centralised security accreditation to self-cerfication by suppliers. Vendors are asked to select the most appropriate responses to questions provided by the CESG, the UK’s National Technical Authority for Information Assurance.
As this leaves suppliers to ‘mark their own homework’, random audits can be undertaken of suppliers by the Cabinet Office to keep them honest. That said, according to the Cabinet Office, there is no wrong answer to the questions and that it is:
up to the supplier as to what supporting approach they take and the level of evidence they wish to provide to assure their assetion.
All of which means the buy side needs to make sure that it does appropriate due diligence and has a sufficient level of trust in its supplier providing an accurate assessment of its own security credentials.
If a customer does pick a rotten supplier, then the advice is to tell the Cabinet Office afterwards who can then take action against the supplier.
Quite where that leaves the buy side organization which has been stung is unclear.
The 6th framework is currently expected to go live in February next year.
I’m deeply unconvinced that the new approach to vendor security self-certification is anything other than passing risk onto the buy-side. One of the great things about buying from the CloudStore was that buyers could be confident that everything there had passed through an accreditation process. It seems that the Digital Marketplace is going to lean a good deal more towards caveat emptor.
Now maybe every supplier will behave impeccably (hah!) and there’s nothing for this cynical old hack to fret about. But then again maybe they won’t. The rate of cloud adoption in the public sector is improving year on year but it’s not de facto yet. The last thing it needs at this critical juncture is a security problem caused by a vendors being economical with the truth or a buyer not doing his or her due diligence properly.
That said, the Digital Marketplace is here and it’s another milestone in the ongoing progress towards effective digital service delivery in government.
Hear more about the new Digital Marketplace at Think Cloud Vendors on 9th December. In a special offer, diginomica readers are entitled to a £50 discount on the ticket price. Email email [email protected] with an email headed THINK CLOUD VENDORS /50 for more information. For more information on the conference, click below: