Government promises more clarity on 'cloud-first' policy as new tech procurement rules published

'Sensible' contracts worth no more than £100m encouraged by government in new code of practice

The government has promised to provide government technology buyers and their suppliers with more information on its cloud-first policy as it publishes its code of practice designed to improve the way technology is purchased in government.

The 14 mandatory rules, or "red lines", were written in consultation with government tech buyers and their IT providers and aim to improve the procurement process across government.

The rules (full list below) are designed to make sure technology procured by government meets users' needs, can be shared across government, can be easily maintained and scaled, and isn't dependent on a single supplier.

Security was high on the list, with the code of practice ruling that government data, including that of citizens, is kept safe by ensuring that appropriate security classification policies are followed. Further, the rules stated that "sensible" contracts worth no more than £100m should be entered into without an exceptional reason.

Buyers are obliged by the code of practice to give due thought to the way they source their kit too.

"Your sourcing strategy should demonstrate that you have a thorough understanding of the commercial undertakings required to deliver, use and manage your programme. This includes: using value-chain mapping to understand the maturity of the market you want to buy from; moving from large contracts with a single supplier to using multiple suppliers; and understanding where and how you've disaggregated the technology that underpins your programme."

The rules add that buyers should avoid large contracts with single suppliers and "make best use of the services available in the market, regardless of supplier size".

The code of pratice also states that cloud-first policies should be followed at all times, and that buyers must evaluate potential public cloud services before considering alternatives.

But although cloud made it onto the list, the government has said it will provide more information about its cloud-first policy. It first came about in 2013 when the coalition was looking to make further cost savings across government.

In a blog accompanying the code of practice, the government said it needs to publish further information about its aims in the cloud.

"One of the interesting outcomes of writing the new code of practice is that it has highlighted some issues where we think our existing guidance isn't clear enough, or doesn't go far enough," it said. "There are a couple of areas where we think we can and should do more, [including offering] more guidance on cloud adoption, to supplement the cloud-first policy guidance."

Code of practice in full:

1. Define user needs, aims and capabilities
2. Make things interoperable
3. Make things open
4. Make things secure
5. Adopt cloud first
6. Make things accessible
7. Share and reuse
8. Use common government solutions
9. Meet the Digital Service Standard for digital services
10. Comply with the Greening Government ICT strategy
11. Define your sourcing strategy
12. Demonstrate end-to-end service
13. Use common government sourcing routes
14. Enter into sensible contracts