According to an article in , CCS has removed from G-Cloud which purports to allow Government customers to communicate with aliens. The service is clearly a spoof as it refers to communicating with “disc based platforms” in the Clouds (sic) and the provision of “grey men” and “little green men” beaming in from satellite offices.
The article focuses on the amusement that a service like this was on G-Cloud. However, this does expose how little CCS appears to do to check the authenticity of services it allows on to the Digital Marketplace, and reflects a worrying trend of CCS not bothering to do any proper assessment of suppliers or services on many of its frameworks.
When frameworks were first allowed by the EU in the 2004 Public Contracts Directive (which then became the Public Contracts Regulations 2006 in England and Wales), the idea was to have a stepping stone between awarding a contract to a single provider and having to run full open tenders for every piece of work, so you could create a shortlist of skilled suppliers and allow customers to run more limited competitions between these or perhaps – if it was obvious who the winner would be – direct award to one of them. The early uses of frameworks followed this model, with perhaps 5-10 suppliers on each of them which was a manageable number. If you competed work amongst all of these, you would perhaps end up with half of them responding and it was manageable. In addition, if you were selected as one of the five to ten suppliers in a large market, it is likely you would have a fantastic service offering and/or an extremely keen price, providing superb value for money.
Unfortunately, a number of contracting authorities, and CCS is amongst the worst of these, have now forgotten what frameworks were supposed to be about. Perhaps it is a new wave of procurement people who were not around in the early 2000s who know no better. But increasingly they are setting up ridiculous mass frameworks where the only criteria to get on them is to apply. Among the worst of these is G-Cloud, where they proudly proclaim how wonderful it is that there are over 3,500 suppliers offering 25,000 services. This is no longer a framework, it is just a list of suppliers and CCS is allowing customers just to pick whomever they want to work with with no real oversight. This means that rather than having to be the best to get on a framework and providing excellent value for money, they just open the door for public customers to work with the firms that they like (or who treat them well) with no real consideration on value for money.
The other concern with this, especially in the digital space, is that there is clearly no way that CCS does any effective checking of the services they put on the framework. Probably they do not do any checking full stop. Unless CCS has an army of people reviewing the suppliers and their services, there is no way they could have more than a cursory glance at services they are approving to go on the framework in the 20 days or so they allocate between applications closing and the “winners” being announced. Even a cursory glance at would probably identify that it wasn’t for real, suggesting that nobody even looks at the services before putting them online. (In which case, what exactly does their team do in the 20 days between applications closing and the award as all the questions are just Yes/No and can be scored by a computer?)
Why does all this matter? Because when you become a supplier on G-Cloud, you are allowed to use the official “CCS Supplier” logo on your website and promotional materials, so it gives you credibility. Your service is published on the Digital Marketplace, so public sector customers probably think that there has been some assessment of it and your credibility. At the very least, they should expect that your company is legitimate and the service is (relatively) safe to use. But with zero assessment of the suppliers or their services, there is nothing to stop organisations creating fraudulent services aimed at ripping off public sector customers or stealing their data. All of the millions of pounds ploughed into GDPR compliance over the past couple of years could be undone by a customer using a “CCS-approved” G-Cloud service put up by a fraudster which slipped through the (non-existent) net.
According to the article, CCS has now removed the offending service denying civil servants the ability to communicate with aliens. But it begs the question of how many other dodgy services they have let through without any checks.
Isn’t it time that CCS did their job and assessed suppliers and their offerings properly to provide confidence that they have some value, rather than just facilitating supplier lists and legitimising anyone who asks to be on them?