IT procurement in the public sector

Antonio Hidalgo-Landa CITP MBCS MSc, chair of BCS, The Chartered Institute for IT's Consultancy Specialist Group on best practice for IT procurement in the public sector

The world is engulfed by a digital transformation, and everyone, even the public sector, will need to engage with new digital technologies and solutions.

The public sector may not be the one most advanced in IT or have the largest budget. We live in a world that it is becoming digital, and there are impending pressures to keep up to date with technology. When technology advances so rapidly, our key recommendation is to build strong long-term relationships and invest in people.

The sector may progress more cautiously when adopting new technologies, as there is an additional responsibility to society that is not always present in the private sector. However, the public sector cannot be oblivious to the advancements transforming our society and way of life. Digital platforms sometimes offer a significant performance advantage, reduce barriers, or increase reach. Smartphones were widely adopted about 15 years ago (the first iPhone was released way back in 2007), and mobile phones and the internet have been with us for a couple of decades.

There is a part of society that may find using digital technologies challenging, but there is an increasing part that only knows this way. Last but not least, as technology advances, it is important that Public Systems (digital or not) don’t become vulnerable to those using new technologies.

During the last five to six years, I have seen this transformation in the pharmaceutical sector in the supply chain. Pharma is a sector where change only comes if there is a strong justification, as there are costly quality processes that need to be applied for any modification. Any minor deviation from quality standards can have detrimental consequences in the lives of many. However, as technologies advance, governments and regulators move towards wider digitalisation in the supply chain. The EU, US, China, Russia, and India have regulations that require manufacturers to have digital mechanisms to track and trace each individual saleable unit for prescription medicines.


I have seen these challenges in practice. Let’s imagine that Joe is acquiring a new IT solution. Joe secures significant funds and time, and he plans to hire a software development provider to develop the solution as he wants it. Joe works in a sensitive industry, and he is concerned about keeping things his way so he can maintain quality standards.

After several discussions with the software development provider, Joe realises that the solution is going to cost exponentially more money and time than he expected. Money is a significant problem, but time can become even more significant. It is not rare that a software project requires exponentially more resources, time, and money than expected at the beginning, and luckily, Joe was able to find out before it was too late. Joe comes across two other types of solutions: those where he could get additional customisation and those that were commercial off the shelf (COTS).

When all customers use the same solution and the same version, the user base is larger, and more people will be affected by gaps or defects. When a solution or version is used by one single customer because it is heavily customised, there are fewer people detecting errors, and efforts for fixes and new features are more costly. Joe eventually decides to look at the COTS, but he finds a myriad of them. Evaluating them is not easy, as usability is not always a trade-off. Many IT solutions opt for flexibility at the cost of usability, and learning to use a tool may require significant training. If using a solution requires significant training, being able to properly evaluate several of them feels like it will require mastering each of the solutions.

Joe ends up hiring an external consulting firm to select the IT Provider and implement the solution. After a few hiccups, the implementation is completed. However, after implementation, the consultants move on, and Joe’s team doesn’t really know how to use it properly. Some people learn to use the new solution, but they eventually move to other roles or companies, leaving a knowledge vacuum. After a while, Joe gets a team dedicated to the solution.

We start encountering defects and gaps that require manual workarounds and take a significant toll on operations. It is better when deviations are documented, as if something fails, it may be too late when noticed3. Furthermore, monitoring and following up with all the incidents become a full-time job. Eventually, there are fixes to address the defects and the new upgrades to resolve the gap, but any new release requires some downtime, and it feels like new defects come up inadvertently.

Luckily, Joe finds a much better and cheaper solution. The implementation costs are high, but what eventually stops Joe is the migration of the data, which at best will delay the project for over a year. Eventually, the story gets an end, and the whole department closes. Two years later, the solution is hacked by a foreign company in a country location where our laws don’t reach. Breaches in privacy may result in financial losses but also in more serious problems like identity theft.


Prior to this century, most purchases were of products or goods. If we were lucky enough, when we bought a washing machine, it was the last time we knew about the seller. As previously mentioned, we are in a digital era and the model has shifted towards services. Rolls Royce doesn’t sell their engines anymore; they lease the arranged amount of horsepower per month. We are not diving into the benefits of this new approach, but we recognise that the relationship between buyers and sellers has increased from single instances to long-term relationships.

Building long-term trustworthy relationships is a key strategic advantage. Long-term relationships offer further leverage and a clear view of strategic directions. Joe may be in a small budget organisation, but securing a five-year agreement will give him some extra leverage power. Furthermore, it is very interesting the size and the community behind the IT provider. If there is a widely used tool, it will be easier to find new hires or skill up the existing ones. With smaller companies, you may be a bigger fish in a smaller pond and gain additional leverage.


The most important thing when acquiring a new IT Solution is to find providers that we can develop a long-term trusted relationship. When you acquire a new IT Solution, it is not like when you acquire a car, where you can schedule some regular maintenance, and when something fails, visit a garage. IT Solutions are more like gardens, where you need to take continuous care4. IT Solutions evolve as requirements may change due to changes in business, society, or regulation. Also, a good IT provider will keep their system in check and will progressively adopt new technologies to improve performance.

We can see that IT solutions, like plants, grow, but they can also get bugs. In IT, we consider “bugs” defects in the system, and IT providers will offer technical support services to make sure that they are addressed. Lastly, IT solutions rarely work in isolation. They form ecosystems as they interface with different networks and groups of people. Consequently, the engagement with the IT providers should be taken care of regularly. Therefore, the first and most important recommendation when acquiring new IT solutions is to ensure that your team is well-prepared for developing and managing these long-term trusted relationships. The most important skills in this matter are soft skills.


It is imperative that all of your team has access to learning essential digital technologies. ChatGPT does not present significant value for an unskilled temporary worker in a warehouse or in farmland, but they may not be able to work if they cannot use a second-factor authentication or an email to log in to communicate with the systems put in place in the warehouse or in the farmland.

All the workforce needs to have some minimum essential digital competencies. Being able to use AI efficiently is a big step, but everybody should be able to handle emails, spreadsheets, documents, instant messages, video calls, and second-factor authentication with ease. Past President of the BCS, Rebecca George CBE FBCS is a strong advocate for a skill reform. She reminds us that people will need upskilling in technical skills every few years throughout their careers, in order to keep up with new technology.

IT solutions require constant care; you want to make sure that the providers offer an efficient way to monitor performance. At the end of the day, you want to keep a good track of your profit and loss.

IT vendors offer strategic reviews. The cadence of these depends on well-established solutions (e.g. MS Word), and in areas where we have more changes, bugs, or gaps, I will advise extra focus. Besides the strategic alignment, it is also important to have regular metrics, like key performance indicators (KPI), so we have a good understanding of how much the solution is used (engagement), how much benefit does it bring (performance), and what are all the associated costs, including additional training, API usage fees, impact and cost of workarounds, monitoring, and more importantly, quality and validation.

Cloud solutions

There is no silver bullet, but Software as a Service (SaaS) Cloud solutions can make a strong difference.

SaaS, especially Cloud-based SaaS, is a high advantage, and they enable businesses to be part of this fast-moving digital world. Certain activities and institutions require ownership of the actual code. Cloud solutions cannot be used in areas with poor network coverage. Nevertheless, IT solutions require an extensive amount of maintenance to be kept up to date. SaaS takes all that weight from the customer, and they take care of it themselves. Customers must still carry out due diligence in terms of continuous processes for quality and training but won’t have the pressures to implement or release new features, security releases or scalability.

Customisation mean that you will deviate from the path that is widely used. When you are on that path, you share the costs with the rest of the users on that path. It is not only money but also time. It is hard to prioritise the work for a single customer (custom usage) over requests that will affect tens or hundreds. Additionally, if something is built for one single customer, you will have a smaller community of people who know about it. This means that if your team encounters problems, it will be harder to find solutions, but also, that new hires will have to be trained. Therefore, when possible, we strongly recommend seeking Commercial Off The Shelf (COTS) solutions. Alternatively, I would plan further resources such as budget, money, team size to deal with the extra costs for training, quality, and error handling.

ABOUT THE AUTHOR: This piece was written by Antonio Hidalgo-Landa CITP MBCS MSc, chair of BCS, The Chartered Institute for IT's Consultancy Specialist Group.

Further Information: 

Read more