What you need to have ready…
Eligibility for G-Cloud
Although G-Cloud doesn’t impose numerous restrictions on suppliers, naturally it does have its own rules and regulations. Not every company can get on the framework. Here are a few no-no’s…
Suppliers must be cloud companies! – The first rule of G-Cloud (and no it’s not we don’t talk about G-Cloud) is: suppliers must be selling a cloud-based solution. No hardware solutions can be listed on the framework.
Suppliers must fit into one of the G-Cloud categories or Lots.
No ‘colocation’ services can be listed. For example, equipment the buyer rents from a supplier’s data centre can be listed.
G-Cloud is for off the shelf solutions! If you offer bespoke development this is not a framework for you. Instead of G-Cloud, you should be looking at listing on the Digital Outcomes and Specialists (DOS) framework. For more information on the differences between DOS and G-Cloud check out our Ultimate framework battle: G-Cloud versus DOS infographic.
Accreditations and Information Security
To list on the G-Cloud framework, you don’t have to have any formal security certifications.
However, we often advise our clients that as a bare minimum they should look into getting Cyber Essentials Certified. Cyber Essentials shows an understanding and basic commitment to security.
If suppliers, want to go a step further than they can apply to get ISO271001 certified. ISO 27001:2013 is an international standard for information security. Another benefit to becoming ISO27001 is that it is actually a filter that buyers can use to whittle down their shortlist.
So, if you are looking to gain an advantage over a competitor then definitely get yourself accredited!
We couldn’t talk information security and not mention GDPR and G-Cloud. Before May 2018, CCS notified all G-Cloud suppliers that they would be updating the terms of the G-Cloud framework in line with GDPR.
There are now specific clauses within the G-Cloud framework agreement and call-off contract covering the supplier requirements in line with GDPR. We also advise suppliers to detail their information security processes and internal GDPR procedures within their Service Definitions.
Evaluation and award on G-Cloud
There are two ways buyers can evaluate and award a contract on G-Cloud.
Firstly, if after a compliant search the buyer ends up with only one supplier on G-Cloud that meets their needs, they can direct award. (One of the reasons we love G-Cloud!).
When buyers are faced with multiple suppliers that meet their requirements, a buyer can make the final decision in two ways:
One is to choose the supplier that meets the needs and that has the lowest price.
Two, and more likely to be used, is the M.E.A.T process or the most economically advantageous tender. This is where a buyer will evaluate multiple suppliers (usually around 3-5) against a set of predetermined criteria. As a supplier, you should be aware of the guidance around what buyers can and can’t ask you if you appear within their shortlist.
The Pubic Procurement Gateway buyers guide and the framework agreement outline four different types of criteria you can use when evaluating shortlisted suppliers under M.E.A.T:
Whole-life cost, cost-effectiveness, price and running costs. Technical merit and functional fit. After-sales and service management. Non-functional characteristics.
The final selection should be based on best fit rather than ruling out suppliers that don’t meet your current contract or an ideal set of terms.
Once a buyer has awarded a contract the winning supplier is notified. Best practice for buyers is to inform the unsuccessful suppliers and offer the reasons why they weren’t successful, so they can improve their bids next time.
After the contract has been awarded the supplier and the buyer complete what is called a ‘call-off contract’. This will include any specific terms the parties have agreed to. The call-off contract is then completed and signed. After this, the work can begin.