The big promise of the new Boris-led government was an aim to level up society. Yet, when it comes to public sector technology procurement, the deck is still heavily stacked in favour of larger, incumbent and often ‘generic’ service providers. The names are well known, and the successes are far less visible than the number of high-profile failures at places like DWP, Home Office, and several county council projects.
The perception in some quarters is that the public sector has not been well served by larger outsourcers – where size and brand has been given too much weight in favour of delivering tangible service improvement while meeting key value tests.
Consider the IT behind the Universal Credit for the DWP. A project that started in 2010 and led by Accenture, IBM, HP and BT that the NAO described as “not value for money” and was replaced by an in-house built solution – with the old system being phased out in 2020 at overall waste of £837 million to the UK taxpayer.
There are other notable projects in areas such as the UK army recruitment portal, patient record access by GPs and the NHS Connecting for Health project where big brand names won lucrative deals but failed to deliver.
The most positive change to address this common fallacy that only large IT suppliers can navigate the complexity of tendering for public sector contracts is the Crown Commercial Supplier (CCS) framework – of which G-Cloud is the highest profile branch.
In many ways, CCS has made it easier for public sector customers to gauge the terms, conditions and deliverable of simpler service agreements. The CCS accounts for 2020/21 show that £22.71 billion was channelled through its commercial agreements in 2020/21, an increase of £4.6 billion from the year before. More interestingly in the context of levelling up, £1.54 billion was spent directly with small and medium-sized enterprises (SMEs) – an additional £302 million compared to the previous year.
So even with the encouragement of the CCS, why is spending with SME service suppliers still only seven percent? There are a couple of factors at play. The first is that many of the services – particularly within the G-Cloud aspect – are quite technically complex in terms of understanding the nuances of the service. A managed endpoint protection service might at first glance seem identical when looking at the top-level description offered by two different suppliers on the CCS framework. But like most things the devil is in the detail. Where the buyer is not a subject matter expert, the decision will then pivot to “Is this a brand I know or trust?” and decisions are then made without consideration of all the insights around true benefits.
This is not a reproach to public sector customers. But it should be pointed out that CCS should be the starting point for a shortlist and not the only criteria. In many instances, a local provider within the town, county or region or potentially a specialist in a specific market such as cyber security, network infrastructure or ERP is likely to place more focus on delivering value for a client that they consider ‘important’ – as opposed to what are “small fry” to service providers with multi-billion-pound turnovers such as Capita, IBM or BT.
You might also like
Any deal for the public sector must place value for money at the near the top of the list. However, value should be considered against criticality and the impact of failure. Particularly at the local government, NHS Trust and educational institute level, involving SME suppliers for IT related services often aligns well with the need to support local communities and citizens. But there are also some points that highlight other tangible benefits.
For example, SME suppliers often specialise in a particular field. As such they tend to have deeper expertise within their chosen field and generally much better staff retention. With an impartiality hat on, where larger suppliers may have an advantage is for larger scale “body shopping” projects that needs lots of grunt work – like call centre outsourcing.
Another pro and con is the centred-on flexibility. SMEs with flatter management and expert-led team structures tend to be able to adapt service offerings with a bit more ease – compared to monolithic suppliers that have rigid structures – that are cookie-cut to lots of customers.
Yet it’s clear that not all suppliers are equally skilled. The key advice for public sector buyers of IT services – especially in areas such as cyber security is look beyond just brand and size. A key criterion must consider skills and accreditation. This should include – at a minimum – certification to ISO 9001, an international standard that specifies requirements for a quality management system (QMS) and ISO/IEC 27001, an international standard on how to manage information security.
Other accreditations specific to an industry like cyber security should include staff trained up to at least CISSPs and CISMPs level – and where relevant, should be accredited by key vendors like Cisco, Fortinet and Juniper.
All these evidence points should be considered when deciding but the ‘proof of the pudding is in the eating’, so testimonials for relevant satisfied customers should carry more weight than flashy adverts. For SME service providers, the levelling up mantra needs to go beyond just platforms such as G-Cloud and help the public sector recognise that size does matter – in a good way!
Steve Nicholls is commercial director, NetUtils