Procuring cloud solutions and services via the traditional tender route can be a complex procedure for public sector organisations.

At a series of roundtable events that iomart hosted for the public sector in Scotland recently, attendees were encouraged to take advantage of the new frameworks that have grown up to help them overcome the bureaucracy that often arises when they need to go to market.

Andy Scott, Portfolio Manager for ICT Services and Software for the Scottish Government, said that in reality the procurement of cloud services was “just like buying in any other third party services.” He explained that suppliers on the frameworks had to meet high security and compliance standards to get on them, so going through the frameworks should no longer be an issue.

There are two main procurement frameworks:

Via G-Cloud a catalogue of thousands of SaaS, IaaS and PaaS cloud services from small to medium sized suppliers is available in the UK government’s Digital Marketplace. Public sector organisations are encouraged to go ‘cloud first’ by using it however not all are doing it yet.

For the public sector in Scotland there is also the Scottish Government’s Hosting Services Framework which enables procurement of IaaS services under the rules of Scots Law. Although this framework is not at the moment mandatory, thirty two contracts having been awarded through it so far (several of which are worth over £1m), which means there are publicly available references for others to understand what the experience has been like.

Whatever procurement route is taken, Andy Scott said there are seven specific issues that should be considered:

Data security and protection

Establish the level of protection for all types and levels of data that you have. The data must be hosted in the EU or the UK until the implications of Brexit are fully understood.


Consider the physical security of your data as well as how it is protected in transit. Check the accreditations held by the hosting supplier and find out how regularly they carry out pen tests.

Performance testing and monitoring

Ensure you know how a potential supplier monitors their infrastructure and what sort of hosting environment your systems will be in.


The supplier needs to be able to deliver to you over the networks you use (PSN, N3).

Backup data

How do you backup your live environment? If you need it to be in a separate location you need a supplier with data centres in more than one location.

Phased approach

Try cloud services out. Host some data externally first before making a full move to the cloud.

Exit plan

How do you get your data back once the contract is over? What happens if you change supplier? Make sure this is built in at the start of your procurement process.

There are a multitude of cloud options available – private, public, colocation, community and hybrid. By building in the seven steps above, your experience of cloud procurement can be a positive one.

If you'd like to find out more about how we can help, get in touch.