Is accreditation to government services really open to SMEs?

Try not to get tangled in the red tape
Try not to get tangled in the red tape

The Public Services Network (PSN) aims to create a single multi-supplier network for all UK public sector organisations, and should assist in the take-up of G-Cloud services. This should reduce costs and introduce a level playing field for commercial suppliers.

For SMEs who want to supply IT services to the public sector, the PSN is a welcome initiative. They apply to have services accredited to the PSN using a clearly defined process. Accredited services can then be offered securely over the PSN to all public sector organisations. Add the government's stated aim of putting 25% of its new IT spending through SMEs, and the public sector market should be opening up to smaller suppliers.

Bureaucratic nightmare

However, there is a catch. Having been through Pan Government and PSN accreditation, my experience is that the processes are complex and bureaucratic. Whilst I fully understand the need for good IT security, the guidelines are at best opaque, with minimal assistance for organisations new to government IT – precisely the ones the government is trying to attract to supply new, more cost effective services. Small organisations begin the process enthusiastically before discovering how much time and budget it requires.

If the government is serious about buying more IT services from SMEs, it needs to provide assistance and clear, easily understandable guidelines. The reclassification to the three new levels, OFFICIAL, SECRET and TOP SECRET, has helped, as have the Cyber Essentials guidelines and certification. I remain undecided whether self-evaluation, as used under G-Cloud 6, is actually useful, as all clients still need to see formal certification. Even these still can only, in my view, be interpreted by a select band of CESG accredited security consultants at top consultancy rates.

The accreditation processes also need to be joined up. My company successfully completed G-Cloud Pan Government Accreditation, only to find that very little was then applicable to PSN certification. They are aiming at the same place, so why can't they be combined?

Cynical thoughts

In my more cynical moments, I wonder if the certification and procurement teams in central government would prefer to retain the status quo and work only with the large suppliers they know and who have traditionally won most public sector contracts. SMEs bring agility, flexibility and innovation, all qualities the public sector says it is keen to benefit from, but alongside these come new ideas, challenges to established ways of working and a perception of increased risk.

In my view this perception is substantially overstated, particularly when dealing with profitable companies with many years of successful trading history, who do not borrow vast sums to buy growth or indulge in risky takeovers of competitors.

However, it's very different when it comes to working with customers. The public sector organisations I work with like our approach and Fordway is working well as part of a team with some of the UK's largest IT suppliers.

I hope that, given time, the accreditation process will lose the unnecessary hoops and become more straightforward. My company has now worked through it and Fordway is approved to process OFFICIAL information, and in the final stages of PSN Service Provider certification. However, accreditation has to be renewed in a year's time. And Fordway is applying to handle the next level of material, so now there are another dozen forms to fill in and further IT Health Checks (a.k.a. penetration tests) to book and pay for…

  • Richard Blanford is the founder of Fordway