The G-Cloud framework has channelled over £19bn in public sector spend to cloud technology suppliers since its inception. It is the default route for UK government buyers to procure cloud hosting, software, and support. But listing on G-Cloud is not a guarantee of revenue. Many suppliers fail to win business because their Digital Marketplace listings are unsearchable, non-compliant, or poorly positioned against the Most Economically Advantageous Tender (MEAT) evaluation criteria. Writing a winning G-Cloud response requires understanding exactly how buyers search the catalogue, filter the results, and evaluate the shortlist.
This guide breaks down the G-Cloud 13 application process, the specific documents you need to prepare, and how to structure your responses to survive the filtering process and win direct awards. We will walk through a real-shaped G-Cloud 13 Lot 3 tender response to show you what good looks like, and provide actionable advice on how to avoid the common pitfalls that cause otherwise excellent services to be overlooked by public sector buyers.
What this guide covers
- Understanding the G-Cloud 13 framework: The lots, the scope, and the buying process.
- The anatomy of a winning listing: Front-end searchable terms, features, and benefits.
- Essential application documents: Pricing schedules, Terms and Conditions, and the Service Definition.
- Worked example: A question-by-question breakdown of a Lot 3 Cloud Support service.
- Common mistakes: Where suppliers lose marks and how to avoid these pitfalls.
- Frequently asked questions: Quick answers on compliance, pricing, and updates.
Understanding the G-Cloud 13 framework
G-Cloud 13 (framework reference RM1557.13) is an online catalogue hosted on the Public Procurement Gateway (PPG) and Digital Marketplace, run by the Crown Commercial Service. It allows public sector customers to buy commoditised cloud-based solutions through a compliant framework. The framework ran from 9 November 2022 to 8 November 2024, with a 12-month extension period available. The call-off contract duration is typically 36 months with an optional 12-month extension.
The primary goal of G-Cloud is to make the procurement of cloud services faster, cheaper, and more transparent for the public sector. By establishing a set of pre-agreed terms and conditions, buyers can bypass the lengthy and costly process of running a full Find a Tender Service (FTS) procurement for every single cloud requirement. For suppliers, this means a direct route to over 20,000 public sector organisations without the overhead of a full competitive tender. But the framework is uncapped, meaning any compliant supplier can join. That creates a crowded marketplace, and differentiation is everything.
The four lots of G-Cloud 13
G-Cloud 13 is divided into four distinct lots. You must apply to the lot that fits your specific service offering. Applying to the wrong lot can result in your service being rejected or, worse, ignored by buyers searching in the correct category.
| Lot | Name | Scope | Examples |
|---|---|---|---|
| 1 | Cloud Hosting (IaaS/PaaS) | Infrastructure services for processing, storing, or networking | Compute, containers, load balancing, archiving |
| 2 | Cloud Software (SaaS) | Applications accessed over the internet and hosted in the cloud | CRM, EDRM, HR systems, accounting tools |
| 3 | Cloud Support | Services to help buyers set up and maintain cloud software or hosting | Migration, security services, QA, training, ongoing support |
| 4 | Cloud Support (Further Competition) | End-to-end cloud transition projects via competitive bidding, not direct award | Large-scale migrations, complex multi-supplier programmes |
Lot 4 was introduced in G-Cloud 13 and operates differently from the other three. It is not a catalogue-style direct award. Instead, it follows a traditional competitive framework bidding process, making it more akin to a Digital Outcomes 6 procurement than a standard G-Cloud listing. If your service is a large, bespoke engagement rather than a commoditised offering, Lot 4 is the appropriate route.
How buyers evaluate suppliers
Buyers on G-Cloud do not run traditional open tenders for Lots 1-3. Instead, they use a six-step direct award process. Understanding this process is key to writing a successful listing.
First, they define their requirements. They determine exactly what they need, the budget available, and the specific features essential to their project. Second, they search the catalogue using specific keywords to create a longlist. This is where your front-end searchable terms are critical. If your listing does not contain the exact keywords the buyer is using, you will not appear on their longlist.
Third, they apply filters to create a shortlist. These filters are based on the binary questions you answer during the application process. If a buyer filters for "ISO 27001 certified" and you have answered "No," you are immediately removed from consideration. Finally, they evaluate the remaining suppliers. If only one supplier meets their exact needs, they can award directly. If multiple suppliers remain, they evaluate using MEAT criteria: whole-life cost and cost-effectiveness, technical merit and functional fit, after-sales and service management, and non-functional characteristics. Your listing must be optimised for both the initial keyword search and the final MEAT evaluation.
Anatomy of a winning G-Cloud listing
A successful G-Cloud 13 application requires a mix of structured data input and supplementary documents. The structured data populates your digital storefront, while the supplementary documents provide the detail necessary for the MEAT evaluation.
Front-end searchable terms
Your service name, summary, features, and benefits form the core of your searchable profile. Buyers use exact-match keywords to build their longlists. Approach this section with an SEO mindset.
Service Name: Do not use branded product names unless they are widely recognised in the public sector. Use descriptive, functional titles. "Cloud Migration Services for NHS" is better than "MigratePro X". The service name should immediately tell the buyer what the service is and who it is for.
Service Summary: This is a short paragraph that appears in the search results. It needs to be punchy, clear, and directly address the buyer's pain points. Avoid jargon and focus on the core value proposition of your service. The summary is indexed by the search engine, so include the key service categories from the CCS guidance.
Features and Benefits: You are allowed a specific number of bullet points for features and benefits. Use them all. Front-load them with the exact terminology used in the CCS buyer guidance. Features should describe what the service does. Benefits should describe the positive outcome for the buyer. A feature might be "Automated daily backups to geographically separate data centres." The corresponding benefit would be "Ensures data integrity and rapid disaster recovery, minimising downtime and protecting critical public services."
The Service Definition document
The Service Definition document is mandatory from G-Cloud 12 onwards and is where you provide the technical depth that buyers need for their MEAT evaluation. CCS has been explicit: this should not be a marketing brochure. It must clearly define what the service is and how it works.
A strong Service Definition document should be structured logically and cover all the key areas a buyer needs to assess technical merit and functional fit. Data backup, restore, and disaster recovery processes should be covered in detail, including Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs). Onboarding and offboarding support must be explicitly described, outlining the steps, timelines, and responsibilities of both parties.
Service constraints, such as maintenance windows or limitations on customisation, should be explicitly stated. Transparency here builds trust and prevents disputes later in the contract lifecycle. Service levels, including performance, availability, and support hours, are crucial and should be tied to clear SLAs with defined remedies for breach. Technical requirements and security standards must also be included, detailing how you protect buyer data and comply with the UK GDPR, the Data Protection Act 2018, and relevant NCSC guidance.
Pricing and Terms
The pricing document must clearly state costs without using "Price on Application" (POA) or "Prices from £X." Include unit prices, volume discounts, and any data extraction costs. You can offer discounts later, but you cannot increase prices. The pricing document should allow a buyer to accurately calculate the total cost of ownership without needing to contact you for clarification.
Your Terms and Conditions must be provided and are specific to the service. These cannot be changed while the framework is live. Ensure they align with the overarching G-Cloud framework agreement, as the framework terms will take precedence in the event of a conflict. The SFIA Rate Card is optional but highly recommended. Even if you are selling a SaaS product, buyers often require implementation or training support. The SFIA rate card provides a transparent mechanism for pricing these additional services.
Worked example
Below is an illustrative breakdown of a G-Cloud 13 Lot 3 Cloud Support application, structured to show how to answer the Digital Marketplace questions in a way that passes buyer filters and scores well on MEAT evaluation. This example is based on the publicly available service listing structure from the Digital Marketplace and is illustrative rather than a reproduction of any single supplier's submission.
Service description and features
Service Name: Fully Managed Cloud Support and Migration Services
Service Summary: We provide end-to-end IT managed services to fully support your operational cloud environments. We offer Tier 1 and Tier 2 support models alongside Tier 3 vendor management. Our service includes a multichannel client communication portal for ticket tracking, incident management, and performance tuning, ensuring your critical systems remain highly available and secure.
Features (10 of 10 used):
- Multitier support model: Tier 1, Tier 2, and Tier 3 vendor management
- Active operational metrics for continuous performance tuning and SLA compliance
- Multichannel client communications portal for transparent ticket tracking
- Automated major incident escalation with video collaboration capability
- ISO 27001:2013 certified security and comprehensive risk management
- Comprehensive QA/QC procedural activities with rigorous peer review
- Detailed setup, migration planning, and comprehensive user training
- 24/7 phone and online ticketing support availability
- Staff security clearance conforming to BS7858:2019
- Dedicated social value programme covering economic inequality and wellbeing
Benefits (10 of 10 used):
- Ensures regulatory compliance for highly secure access and controls
- Reduces operational overhead by outsourcing to certified IT experts
- Provides transparent, real-time tracking of all support tickets
- Accelerates incident resolution through automated escalation channels
- Guarantees long-term value through documented, mutually agreed migration plans
- Mitigates risk via proactive engagement and SLA compliance monitoring
- Supports equal opportunity through integration of socio-economic data
- Offers flexible support models tailored to business hours or 24/7 needs
- Maintains high availability with robust disaster recovery protocols
- Improves user adoption through comprehensive on-site or virtual training
Technical and compliance questions
Buyers filter heavily on these binary questions. Answering "No" can immediately remove you from a shortlist. It is crucial to accurately represent your capabilities while understanding the implications of each response. The table below shows the key question categories for a Lot 3 Cloud Support service, with illustrative answers.
| Section | Question | Answer |
|---|---|---|
| Planning | Planning service available | Yes |
| Planning | How the planning service works | Validate and confirm project success criteria (SLAs, processes, roles, communications). Provide virtual or on-site training and user documentation. |
| Training | Training service provided | Yes |
| Training | How training works | Train users on initiating and managing service requests. Provide virtual or on-site sessions with user documentation. |
| Setup and migration | Setup or migration service available | Yes |
| Setup and migration | How it works | Document a detailed program following business requirements. Implement after client sign-off. Review support plans and fully transition to managed service. |
| QA and performance testing | QA service available | Yes |
| QA and performance testing | How it works | Systematic measurements against standards. Multiple checkpoints and peer reviews. Proactive engagement and SLA monitoring. |
| Security services | Security services available | Yes |
| Security services | Types offered | Security strategy, risk management, design, cyber security consultancy, incident management, audit services |
| Security services | Certified security testers | No |
| Ongoing support | Ongoing support service | Yes |
| Ongoing support | Types of service supported | Hosting or software provided by your organisation |
| Ongoing support | Service constraints | Remote support only |
| User support | Email or online ticketing | Yes |
| User support | Phone support | Yes, 24/7 |
| Staff security | Staff clearance | Conforms to BS7858:2019 |
| Certifications | ISO/IEC 27001 | Yes |
| Certifications | Cyber Essentials | No |
The "Certified security testers: No" and "Cyber Essentials: No" responses are honest but carry risk. If your service is targeting buyers with high security requirements, such as NHS trusts or central government departments, these gaps will cost you shortlist positions. Obtaining Cyber Essentials before your next application is a straightforward way to widen your addressable market.
Social Value
Social Value became a mandatory scored element in public sector procurement from January 2021 under the Social Value Act. G-Cloud 13 requires suppliers to address the following themes: Fighting climate change, Covid-19 recovery, tackling economic inequality, equal opportunity, and wellbeing. Each response should be specific and measurable. Vague statements about "commitment to diversity" will not score well. Tie your social value commitments to concrete actions, such as apprenticeship programmes, supply chain diversity targets, or carbon reduction plans.
Common mistakes
Even experienced suppliers can fall foul of the specific requirements of the G-Cloud framework. Here are the most common mistakes and how to avoid them.
Using marketing fluff in the Service Definition. Buyers are evaluating technical merit and functional fit. One-paragraph explanations of how great your company is will lose points. Detail the exact mechanics of your onboarding process, SLA metrics, and disaster recovery RPOs/RTOs. The Service Definition is a technical document, not a sales pitch.
Listing "Price on Application" (POA). CCS strictly forbids POA or "Prices from £X." If a buyer cannot calculate the final price from your document without contacting you, your listing is non-compliant. Provide a clear, exhaustive pricing matrix with unit costs and explicit volume discounts. Transparency in pricing is a core tenet of the G-Cloud framework.
Ignoring the search algorithm. Using internal branded names for your services means buyers will never find you. Use the exact terminology found in the buyer guidance. "Electronic Document and Records Management" is better than "FileMaster Pro." Think about what the buyer is actually typing into the search bar, not what your marketing team calls the product.
Failing to upload a SFIA Rate Card. While optional, buyers often need to calculate the cost of ad-hoc support or implementation. Without a rate card, they cannot complete their MEAT evaluation for your service. Always include a fully populated SFIA rate card aligned to current market rates. It provides flexibility and clarity for both parties.
Over-listing services. Creating 50 slightly different listings dilutes your offering and makes it harder to manage. Consolidate into core services and use the pricing document to show modular add-ons or tiers. A cluttered catalogue is confusing for buyers and increases your administrative burden significantly.
Neglecting compliance and security. Public sector buyers are highly risk-averse. Failing to provide clear information on data protection, UK GDPR compliance, and security certifications will almost certainly result in your service being overlooked. Ensure these areas are thoroughly addressed in your Service Definition and technical responses. Reference the relevant NCSC guidance where applicable.
Submitting non-compliant Terms and Conditions. This is one of the most common reasons suppliers fail to win business through G-Cloud. Your Terms and Conditions must be compatible with the G-Cloud framework agreement. If they contain clauses that conflict with the framework, buyers will either reject your service or spend time negotiating, which undermines the speed advantage of the framework.
Frequently asked questions
Can I negotiate my prices with a buyer after they contact me?
No. Your published prices are the maximum a buyer will pay. You are allowed to reduce the service offering price across the board on the Digital Marketplace, but you cannot negotiate individual discounts behind closed doors. This ensures fairness and transparency across the framework. Any price reduction must be approved by CCS, updated on the platform, and made available to all customers.
Do I need Cyber Essentials to apply for G-Cloud 13?
No formal security certifications are strictly mandatory to list on the framework. However, buyers heavily filter for Cyber Essentials and ISO 27001 during their shortlisting process. Not having them severely limits your chances of winning work, particularly with NHS and central government buyers. We strongly recommend obtaining at least Cyber Essentials before applying.
What happens if my Terms and Conditions conflict with the G-Cloud framework agreement?
The framework agreement and call-off contract take precedence. Your service terms and conditions cannot override the core protections afforded to the buyer by the Crown Commercial Service framework terms. It is essential to review your terms carefully to ensure they are compatible with the G-Cloud framework before submission.
Can I change my Service Definition document after the framework goes live?
No. The core documents (Service Definition, Pricing, Terms and Conditions) are locked once the application window closes. You can only update pricing to reduce it. Therefore, it is critical to get these documents right the first time. Treat the application window as your only opportunity to make a first impression.
Can I apply to multiple lots?
Yes. You can apply to Lots 1, 2, and 3 simultaneously if your service offering spans multiple categories. However, each lot requires a separate application and separate service listings. Do not attempt to shoehorn a single service into multiple lots where it does not genuinely fit, as this can result in non-compliance.
What is the difference between a direct award and a further competition on G-Cloud?
A direct award occurs when a buyer identifies a single supplier that meets their requirements and awards a contract without further evaluation. A further competition occurs when multiple suppliers are shortlisted and evaluated against specific criteria before a winner is selected. Lots 1-3 support both mechanisms. Lot 4 is exclusively for further competition.
Further reading
To deepen your understanding of public sector procurement and improve your chances of success on the Digital Marketplace, explore these additional resources:
