According to an article in The Register, CCS has removed a service from G-Cloud which purports to allow
Government customers to communicate with aliens. The service is clearly a spoof
as it refers to communicating with “disc based platforms” in the Clouds (sic)
and the provision of “grey men” and “little green men” beaming in from
satellite offices.
The article focuses on the amusement that a service like
this was on G-Cloud. However, this does expose how little CCS appears to do to
check the authenticity of services it allows on to the Digital Marketplace, and
reflects a worrying trend of CCS not bothering to do any proper assessment of
suppliers or services on many of its frameworks.
When frameworks were first allowed by the EU in the 2004
Public Contracts Directive (which then became the Public Contracts Regulations
2006 in England and Wales), the idea was to have a stepping stone between awarding
a contract to a single provider and having to run full open tenders for every
piece of work, so you could create a shortlist of skilled suppliers and allow
customers to run more limited competitions between these or perhaps – if it was
obvious who the winner would be – direct award to one of them. The early uses of
frameworks followed this model, with perhaps 5-10 suppliers on each of them
which was a manageable number. If you competed work amongst all of these, you
would perhaps end up with half of them responding and it was manageable. In
addition, if you were selected as one of the five to ten suppliers in a large
market, it is likely you would have a fantastic service offering and/or an
extremely keen price, providing superb value for money.
Unfortunately, a number of contracting authorities, and CCS
is amongst the worst of these, have now forgotten what frameworks were supposed
to be about. Perhaps it is a new wave of procurement people who were not around
in the early 2000s who know no better. But increasingly they are setting up
ridiculous mass frameworks where the only criteria to get on them is to apply. Among
the worst of these is G-Cloud, where they proudly proclaim how wonderful it is
that there are over 3,500 suppliers offering 25,000 services. This is no longer
a framework, it is just a list of suppliers and CCS is allowing customers just
to pick whomever they want to work with with no real oversight. This means that
rather than having to be the best to get on a framework and providing excellent
value for money, they just open the door for public customers to work with the
firms that they like (or who treat them well) with no real consideration on
value for money.
The other concern with this, especially in the digital
space, is that there is clearly no way that CCS does any effective checking of
the services they put on the framework. Probably they do not do any checking
full stop. Unless CCS has an army of people reviewing the suppliers and their
services, there is no way they could have more than a cursory glance at
services they are approving to go on the framework in the 20 days or so they
allocate between applications closing and the “winners” being announced. Even a
cursory glance at the service for communicating with aliens would
probably identify that it wasn’t for real, suggesting that nobody even looks at
the services before putting them online. (In which case, what exactly does their
team do in the 20 days between applications closing and the award as all the
questions are just Yes/No and can be scored by a computer?)
Why does all this matter? Because when you become a supplier
on G-Cloud, you are allowed to use the official “CCS Supplier” logo on your
website and promotional materials, so it gives you credibility. Your service is
published on the Digital Marketplace, so public sector customers probably think
that there has been some assessment of it and your credibility. At the very
least, they should expect that your company is legitimate and the service is
(relatively) safe to use. But with zero assessment of the suppliers or their
services, there is nothing to stop organisations creating fraudulent services
aimed at ripping off public sector customers or stealing their data. All of the
millions of pounds ploughed into GDPR compliance over the past couple of years
could be undone by a customer using a “CCS-approved” G-Cloud service put up by
a fraudster which slipped through the (non-existent) net.
According to the article, CCS has now removed the offending
service denying civil servants the ability to communicate with aliens. But it
begs the question of how many other dodgy services they have let through without
any checks.
Isn’t it time that CCS did their job and assessed suppliers
and their offerings properly to provide confidence that they have some value,
rather than just facilitating supplier lists and legitimising anyone who asks
to be on them?
Good post. Arguably, the likes of G-Cloud are filling in a need not otherwise capable of being met by offering a halfway house between a framework and a DPS (albeit in a clumsy manner). The problem with a framework is that you're tied to a small number of suppliers for a number of years, which limits the opportunities for innovation and flexibility. DPS's offer this by leaving it open to apply for whenever a supplier wants, but you are required to a) publish an OJEU notice and b) invite every single supplier to tender whenever you want to call off some work. A system for having a large number of suppliers that you can filter down is useful, but there's no getting round the fact that the current system is open to rampant misuse.
ReplyDeleteThanks Daniel. Agree that it is difficult to have a system that is sufficiently flexible and accessible to SMEs without being open to abuse. It is well known that a large amount of GCloud business goes through no real process before being procured, instead the supplier finds a mate in the customer, sells him the service and just puts it through the framework which is anti competitive.
DeleteAt the very least with GCloud you should expect CCS to do some checks rather than just blindly trust all suppliers and services. OK it might take a few months to work through them but that is what they are paid to do. That would also root out the hundreds of services that are nothing to do with the Cloud.