No time to mess about, warns government
The British government has inked a £500 million data centre contract extension without a competitive tender, saying the facilities need to be running smoothly by March 16 next year – 13 days before Britain exits the European Union.
The contract has been handed to Crown Hosting Data Centres Limited (CHDC), a joint venture between the Minister for the Cabinet Office and Ark Data Centres Ltd (Ark), and represents an extension of a £700 million deal first signed in 2015.
It is for “provision, installation, maintenance and operation of Data Centre systems; Data Centre LAN services; Data Centre Interconnectivity and the provision of Data Centre facilities from at least two separate locations and available in multiple regions.”
No Ramp-Up; Must Be Ready to Go 13 Days Before Brexit
A public notice of the contract says Crown Hosting “must, for the sake of the country’s CNI [critical national infrastructure] have the capability and capacity from the ‘word go’ to provide the expected services seamlessly without increased risk to the customers.”
The government said the contract cannot be a “phased ramp of service capability and therefore for technical reasons it is not possible to run a competitive process.”
The initial 2014 tender notice had detailed requirement for multiple data centres with 150 standard 42u racks and 350 sq. metres contiguous floor space, with a demand for flexibility and the possibility of expansion.
Critical National Infrastructure Needs “Had Not Been Appreciated”
Today’s notice emphasised “A decision has been reached that due to the level of critical national infrastructure (“CNI”), which has been moved into the CHDC data centre facilities and the requirement to take the approach which maximises risk reduction when the contract involves CNI, it is technically necessary to enter into an extension of the Framework Agreement.”
“It would not be sensible or without risk to the disruption of CNI to risk having to move incumbents to a new solution in the next few years. It had not been appreciated the level of CNI that would rely on this solution when the Framework was set up.”
Regulation 32(2)(ii) of the Public Contracts Regulations 2015 allows for the negotiated procedure to be used without prior publication where competition is absent for technical reasons, CCS notes.
“The position CCS was faced with was more than simply a complex or difficult situation where it would be convenient to remain with the incumbent… It would not be sensible or without risk to the disruption of CNI to risk having to move incumbents to a new solution in the next few years.”
Ark and the CCS have been contacted for comment.
Mark Hastings, Director of Public Sector at Rainmaker, told Computer Business Review: “On this occasion, this seems a sensible framework extension. It is unlikely that any other provider could handle the required level of data and security hosting in the required timescales and at an acceptable level of risk. There’s validity in a public/private partnership semi-monopoly – private sector expertise but with CCS sharing the monopoly profits for a very niche market. As long as there is an opportunity to monitor pricing, by avoiding the cost and effort of needing to shift data to new providers, the public sector will get value for money.”
He added: “Crown Hosting is acting as a critical enabler for Whitehall and the wider public sector to disaggregate away from archaic, outdated single-source contracts and begin moving towards cloud hosting and best-of-breed technology. It’s an underlying framework that makes wider transformation possible. Hopefully, this extension will act as a catalyst for wider ICT disaggregation in the public sector.”
CCS Channeled £13 Billion Last Year
Crown Commercial Services (CCS), which channeled £13 billion of public sector spend CCS commercial agreements in 2017/2018, detailed the services in a public notice.
Some of the services include “readily available, multiple secure campus environments for CPNI (Centre for the Protection of National Infrastructure), CGSD (Cyber and Government Security Directorate) and NCSC (National Cyber Security Centre).
Those campuses must have accordance within the security standards, as well as being able to deliver data centres at “SECRET, TOP SECRET and above on the same campus”.
Communications networks must also be “fully enabled” and available onsite, thus enabling provision from multiple carriers and putting it in place before the mid-March 2019 deadline.
Alongside that, the supplier must have one additional data centre before mid-2019 where the site capacity must be “in excess of 15 MW (megawatts).”