SMEs say they are concerned over the delay in the accreditation process for G-Cloud services.
The pan-government accreditation process on G-Cloud services for information deemed sensitive is being carried out by IT security arm CESG. No supplier has yet won accreditation for security impact levels above zero.
According to a mystery shopper report from the Cabinet Office, an SME said they were concerned about the use of impact levels within the G-Cloud procurement process.
The report said the G-Cloud team gave detailed feedback. "The mystery shopper was grateful for the response but maintains his view that the use of impact level accreditation is disadvantageous to SMEs."
Tim Foxlow, director at Attenda, a medium-sized hosting company currently on the G-Cloud framework for services at IL2 (impact level 2) said his company had won public sector business outside of the G-Cloud framework for similar IL2 services.
"The fact we haven't got anywhere with it is very frustrating," he said.
"The issue we are having is that within government the buying organisations have long-term relations with tier one providers and are still using them," he added.
However, G-Cloud director Denise McDonagh said she expects some suppliers will win accreditation this month. "Getting a service accredited for use by the whole of government is pretty rare – suppliers, accreditors and CESG have had to work hard to get it done," she wrote in a recent blog post.
"I can probably count on both hands the total number of suppliers who have achieved it in the last five years, yet G-Cloud will quadruple or quintuple that number over the next couple of months," she said.
The new revised impact levels on the Government Protective Marking System (GPMS) should lead to a wider range of systems able to run cloud services. GPMS will reclassify information deemed sensitive into three broader categories down from six.
McDonagh recently told Computer Weekly that tier one, for example, could be applied to the use of commodity desktops and allow the use of applications from Microsoft Azure and Google. "I'm happy if it gives us that kind of framework," she says.
"The GPMS is a good piece of work and a lot of people are looking at it in a way that would be helpful to them. It will hugely help how we simplify and categorise data - and challenge ourselves not to put everything upward."
