Question-by-question guide to a typical CCS PQQ

Listen to this guide

A 10-minute audio walkthrough. Best on commute or while reviewing a tender.

View transcript

If you are gearing up for a major framework like G-Cloud 13, DOS6, or RM6263, you know the drill. You are probably thinking about pricing strategies, method statements, and social value commitments. But before any of that matters, you have to get past the gatekeeper. The Pre-Qualification Questionnaire, or Selection Questionnaire as it is formally known. Fail a mandatory question here, and your bid is dead before the buyer even looks at your technical response. For bid managers and SME owners, the PQQ is a high-stakes compliance exercise. It demands precise financial data, flawless policies, and rigorous proof of past performance. A single missed policy attachment or a misunderstood turnover threshold can waste weeks of bid writing effort. In this episode, we are going to break down every section of a typical Crown Commercial Service PQQ. We will look at what buyers are actually asking, how to structure your answers, and the exact thresholds you need to meet to keep your bid alive. Let us start with the administrative foundation, Part 1. This covers Supplier Information. It asks for your basic company details, legal structure, and contact information. It is not scored, but accuracy is critical. Discrepancies between your registered Companies House details and your PQQ response can trigger clarification questions or compliance failures. You will need your company registration number, VAT number, and DUNS number. If you do not have a DUNS number, apply for it well in advance, as processing takes several days. If you are bidding as a consortium or using subcontractors, declare it here. CCS requires transparency. If you rely on a subcontractor to meet technical or financial criteria, they will usually need to complete their own PQQ sections. Coordinate with your supply chain early. Do not wait until the day before submission to ask a partner for their audited accounts or health and safety policy. You must also detail your corporate structure to ensure transparency regarding ownership and potential conflicts of interest. Moving to Part 2, Mandatory Exclusions. This is a straightforward pass or fail compliance check based on the Public Contracts Regulations 2015. CCS must exclude any supplier convicted of specific offences within the last five years, covering corruption, fraud, terrorist financing, money laundering, and human trafficking. For most SMBs, this is a simple series of No answers. However, ensure this applies to all directors and anyone with powers of representation, decision, or control. A Yes almost certainly excludes you, unless you provide compelling evidence of self-cleaning, which means paying compensation, collaborating with authorities, and overhauling compliance systems. Remember, these questions apply to any organisation you rely on, like a parent company or key subcontractor. If they fail, your bid fails. Part 3 covers Discretionary Exclusions. Unlike mandatory ones, these give the contracting authority the right, but not the obligation, to exclude you for issues occurring within the last three years. Key areas include bankruptcy, grave professional misconduct, distortion of competition, conflicts of interest, and significant prior contract failures. Tax compliance is heavily scrutinised. If you answer Yes, you have an opportunity to explain and provide detailed evidence of corrective actions. For example, if a previous contract was terminated early due to poor performance, explain what went wrong and the structural changes made to prevent recurrence. Buyers are risk-averse. They need absolute assurance. Another common exclusion relates to Russian and Belarusian supplier restrictions introduced via Procurement Policy Note 01/22. A Yes here will almost certainly lead to exclusion. Part 4 is Economic and Financial Standing, where many SMBs stumble. CCS needs to know your business is financially robust. This is evaluated on a pass or fail basis against predefined minimum thresholds. The most common metric is the minimum turnover requirement. The Public Contracts Regulations 2015 states buyers should not demand a turnover greater than twice the estimated contract value, except in highly justified circumstances. For frameworks like IT Services or Professional Services, the threshold is tied to the specific lot. You will be asked for your annual turnover for the last two or three financial years. If you are a startup without three years of accounts, you are not automatically excluded. You can usually provide alternative evidence, such as a bank letter, cash flow statement, or parent company guarantee. Communicate proactively with the buyer during the clarification period. You must also confirm insurance cover. Standard requirements include Employer's Liability, usually a statutory minimum of five million pounds, Public Liability, and Professional Indemnity. If you do not hold the required levels, you can usually pass by committing to obtain them if awarded a place. Do not buy expensive policies just to submit a PQQ. Financial ratios, like current assets divided by current liabilities, may also be assessed. A ratio below 1.0 may trigger scrutiny, requiring an explanation of your cash flow position. Part 5, Technical and Professional Ability, proves you can do the job. It is rigorous and often scored. CCS wants evidence of relevant past performance. This usually involves submitting a Certificate of Technical and Professional Ability, or COTPA. You typically need two COTPAs per lot, detailing contracts delivered within the last three years, similar in scope and scale to the framework requirements. A COTPA must be signed off by your customer. The buyer from that previous contract must verify your claims. Secure these signatures well before the deadline. The contact must not have been employed by your organisation in the past three years. Focus on outcomes and metrics. Do not just say you delivered an IT system. State you deployed a cloud infrastructure that reduced server downtime by 40 percent for a government department of 2,000 users. Use exact framework terminology. If it asks for agile delivery, mention sprints, scrums, and user research. You may also need to provide details of quality management systems, like ISO 9001, environmental management, like ISO 14001, and health and safety, like ISO 45001 or CHAS. If you do not hold formal certification, provide a detailed description of internal processes demonstrating equivalent standards. Part 6 covers Compliance Policies and Additional Modules. These are increasingly critical. For IT systems or handling public sector data, Cyber Essentials is mandatory under Procurement Policy Note 014. Higher-risk frameworks require Cyber Essentials Plus. This is a hard pass or fail. For Modern Slavery, if your turnover exceeds 36 million pounds, you must comply with the Modern Slavery Act 2015. CCS often asks all suppliers to confirm their approach to mitigating risks. For Equality and Diversity, confirm compliance with the Equality Act 2010, upload your Equal Opportunities policy, and confirm no unlawful discrimination findings. The policy must be up-to-date and implemented. For Carbon Reduction, contracts over 5 million pounds require a Carbon Reduction Plan confirming commitment to Net Zero by 2050 under Procurement Policy Note 06/21. Even for smaller lots, having an environmental policy and baseline emissions data is recommended. Finally, confirm compliance with health and safety legislation, providing your policy and detailing any Health and Safety Executive enforcement notices in the past three years. Let us look at a worked example for a Technical and Professional Ability response, often forming the basis of a COTPA, for a cloud migration lot on a framework like RM6263. The contract title might be Legacy Infrastructure Migration to Public Cloud for the Department for Work and Pensions, valued at 450,000 pounds, running from January to November 2024. In the description, state you acted as the prime contractor to migrate a legacy on-premise case management system to a secure AWS cloud environment. Detail the scope, like architecture design, data migration of 2 terabytes of sensitive citizen data, and implementing a new CI/CD pipeline. Mention the multidisciplinary team provided. For relevance to the framework specification, state this demonstrates capability in Cloud Migration Services, Lot 2. Mention utilising agile methodologies, like Scrum, in two-week sprints, aligning with the Government Service Design Manual, and conducting user research. For outcomes achieved, state the migration was completed two weeks ahead of schedule and 5 percent under budget. The new infrastructure reduced system latency by 35 percent and achieved 99.99 percent uptime. Ensure full compliance with NCSC Cloud Security Principles, passing all penetration tests with zero critical vulnerabilities. Now, let us discuss implementation and common pitfalls. First, failing to answer every part of a multi-part question. If you miss a sub-clause, you fail. Break the question down and use sub-headings. Second, using outdated policies. Uploading a Health and Safety policy from 2019 shows a lack of compliance. Review and date-stamp core policies annually. Third, ignoring word counts. Draft in a word processor, check the character count, and then paste it into the portal. Fourth, assuming N/A is an acceptable answer. Never write N/A unless guidance explicitly states a question is optional. Explain why it does not apply based on regulations. Fifth, leaving COTPA signatures to the last minute. Request signatures immediately during the bid or no-bid phase. Sixth, mismatching financial data. Ensure stated turnover matches uploaded audited accounts. Any discrepancies must be explained. Finally, providing generic case studies. Map specific activities directly to framework requirements using their language. Let us wrap up with a quick Q&A. A common question is, what is the difference between a PQQ and an SQ? They are effectively the same thing. The government rebranded PQQ to Selection Questionnaire in 2016 to standardise the process via Procurement Policy Note 8/16. Another question is, do I need three years of accounts to pass? No. Newer businesses cannot be unfairly excluded. Provide alternative financial evidence. Can I use private sector contracts as references? Yes, unless guidance forbids it. Relevance is key, not the sector. What happens if I fail a mandatory exclusion question? You are excluded immediately, unless you provide robust evidence of self-cleaning. Is Social Value scored at the PQQ stage? Usually, no. It focuses on backward-looking compliance. Social value is evaluated during the Invitation to Tender or award stage. In summary, the PQQ is your gatekeeper. Treat it with the same rigour as your technical response. Accuracy, timely evidence gathering, and strict adherence to formatting are non-negotiable. For more detail, refer back to the written guide on our platform. And if you want to streamline this entire process, remember that Bidwell automates much of this compliance heavy lifting, freeing you up to focus on winning the work. Thanks for listening.

Crown Commercial Service (CCS) frameworks are the lifeblood of public sector revenue for UK SMBs. But before you can price a call-off or write a method statement, you have to pass the Pre-Qualification Questionnaire (PQQ). Sometimes called a Selection Questionnaire (SQ) or Procurement Specific Questionnaire (PSQ), this document is the gatekeeper. Fail a mandatory question, and your bid is dead before the buyer even looks at your technical response.

For bid managers and SME owners, the PQQ is a high-stakes compliance exercise. It demands precise financial data, flawless policies, and rigorous proof of past performance. A single missed policy attachment or a misunderstood turnover threshold can waste weeks of bid writing effort.

This guide breaks down every section of a typical CCS PQQ. We will look at what buyers are actually asking, how to structure your answers, and the exact thresholds you need to meet. Whether you are bidding on G-Cloud 13, DOS6, or RM6263, mastering the PQQ is your first step to winning government work.

What this guide covers

The structure of the standard CCS Selection Questionnaire (SQ).
How to navigate mandatory and discretionary exclusions.
Passing the economic and financial standing thresholds.
Proving technical and professional ability with COTPAs.
Handling modern slavery, cyber security, and social value requirements.
A worked example of a technical ability response.
Common mistakes that cause automatic failures.

Part 1: Supplier Information

The first section of any CCS PQQ is administrative. It asks for your basic company details, legal structure, and contact information. While it is not scored, accuracy here is critical. Discrepancies between your registered Companies House details and your PQQ response can trigger clarification questions or compliance failures.

You will need your company registration number, VAT number, and DUNS number. The Data Universal Numbering System (DUNS) number is a unique nine-digit identifier for businesses, widely used by the UK government to track corporate entities. If you do not have one, you must apply for it well in advance of the tender deadline, as processing can take several days.

If you are bidding as part of a consortium or using subcontractors to deliver a significant portion of the work, you must declare it here. CCS requires transparency about who is actually delivering the contract. If you rely on a subcontractor to meet technical or financial criteria, they will usually need to complete their own PQQ sections. This means you must coordinate with your supply chain early. Do not wait until the day before submission to ask a partner for their audited accounts or health and safety policy.

You must also detail your corporate structure, including immediate and ultimate parent companies. This is to ensure transparency regarding ownership and potential conflicts of interest. For UK SMBs, this is usually straightforward, but if you have recently been acquired or have a complex holding structure, ensure the information matches the public record.

Part 2: Mandatory Exclusions

This section is a straightforward pass/fail compliance check based on the Public Contracts Regulations 2015 (PCR 2015). CCS must exclude any supplier that has been convicted of specific offences within the last five years.

The questions cover participation in criminal organisations, corruption, fraud, terrorist financing, money laundering, and human trafficking. For the vast majority of SMBs, this section is a simple series of "No" answers. However, you must ensure that this applies to all directors and any person with powers of representation, decision, or control within your organisation.

If you answer "Yes" to any of these questions, you are almost certainly excluded from the procurement, unless you can provide compelling evidence of "self-cleaning". Self-cleaning means proving that you have taken concrete steps to rectify the situation, such as paying compensation, collaborating fully with investigating authorities, and completely overhauling your compliance systems. For most UK SMBs, a "Yes" here means a bid/no-bid decision should have been made much earlier in the process.

It is vital to understand that these questions apply not just to the bidding entity, but to any organisation you are relying on to meet the selection criteria, such as a parent company providing a financial guarantee or a key subcontractor providing technical expertise. If they fail a mandatory exclusion, your entire bid fails.

Part 3: Discretionary Exclusions

Unlike mandatory exclusions, discretionary exclusions give the contracting authority the right, but not the absolute obligation, to exclude you. These questions cover issues that occurred within the last three years.

Key areas include bankruptcy or insolvency, grave professional misconduct, distortion of competition, conflicts of interest, and significant prior contract failures. Tax compliance is also heavily scrutinised. You must declare if you are in breach of your obligations relating to the payment of taxes or social security contributions.

If you must answer "Yes" to a discretionary exclusion, you have an opportunity to explain. You must provide detailed evidence of the corrective actions you have taken. For example, if a previous public sector contract was terminated early due to poor performance, you must explain what went wrong and, crucially, the structural changes your business has made to ensure it never happens again. Buyers are risk-averse; they need absolute assurance that the issue is resolved.

Another increasingly common discretionary exclusion relates to the Russian and Belarusian supplier restrictions introduced via Procurement Policy Note (PPN) 01/22. You must confirm whether your organisation, or any member of your supply chain, is incorporated in or has significant operations in Russia or Belarus. A "Yes" here will almost certainly lead to exclusion under current government policy.

Part 4: Economic and Financial Standing

This is where many SMBs stumble. CCS needs to know that your business is financially robust enough to deliver the contract without going bust mid-term. This section is evaluated on a pass/fail basis against predefined minimum thresholds.

The most common metric is the minimum turnover requirement. PCR 2015 states that buyers should not demand a turnover greater than twice the estimated contract value, except in highly justified circumstances. For framework agreements like IT Services or Professional Services, the threshold is usually tied to the specific lot you are bidding for. For example, if you are bidding for a lot with an anticipated call-off value of £500,000, the buyer may set a minimum annual turnover threshold of £1 million.

You will be asked to provide your annual turnover for the last two or three financial years. If your business is newly established and does not have three years of accounts, you are not automatically excluded. You can usually provide alternative evidence of financial standing, such as a bank letter, a statement of cash flow, or a parent company guarantee. The key is to communicate proactively with the buyer during the clarification period if you are unsure what alternative evidence they will accept.

You must also confirm your insurance cover. Standard requirements for CCS frameworks typically include Employer’s Liability (statutory minimum of £5 million), Public Liability (often £1 million to £5 million), and Professional Indemnity (usually £1 million to £5 million). If you do not currently hold the required levels, you can usually pass by stating "Yes" to committing to obtain the required cover if you are awarded a place on the framework. Do not buy expensive insurance policies just to submit a PQQ; wait until you have won the contract.

Financial ratios are another common assessment tool. Buyers may calculate your current ratio (current assets divided by current liabilities) to assess short-term liquidity. A ratio below 1.0 may trigger further scrutiny, requiring you to provide management accounts or a letter from your accountant explaining your cash flow position.

Part 5: Technical and Professional Ability

This section proves you can actually do the job. It is the most rigorous part of the PQQ and is often scored rather than just pass/fail. CCS wants evidence of relevant past performance.

For many CCS frameworks, this involves submitting a Certificate of Technical and Professional Ability (COTPA). A COTPA is a structured reference. You typically need to provide two COTPAs per lot, detailing contracts delivered within the last three years. These contracts must be similar in scope and scale to the framework requirements.

Crucially, a COTPA must be signed off by your customer. You cannot just write a glowing case study; the buyer from that previous contract must verify your claims. This requires strong client relationships and proactive bid management. You must secure these signatures well before the PQQ deadline. The customer contact must not have been employed by your organisation in the past three years, ensuring independence.

When describing your past contracts, focus on outcomes and metrics. Do not just say you delivered an IT system; state that you deployed a cloud infrastructure that reduced server downtime by 40% for a government department of 2,000 users. Use the exact terminology found in the framework specification. If the framework asks for "agile delivery," ensure your case studies explicitly mention sprints, scrums, and user research.

You may also be asked to provide details of your quality management systems, such as ISO 9001 certification. If you do not hold the formal certification, you must usually provide a detailed description of your internal quality assurance processes, demonstrating that they meet equivalent standards. The same applies to environmental management (ISO 14001) and health and safety (ISO 45001 or CHAS).

Part 6: Compliance Policies and Additional Modules

Depending on the framework, the PQQ will include additional modules covering specific policy areas. These are increasingly critical for central government contracts and reflect broader policy goals beyond simple procurement.

Cyber Essentials: For any contract involving the handling of public sector data or delivering IT systems, Cyber Essentials certification is mandatory under PPN 014. For higher-risk frameworks, Cyber Essentials Plus is required. You must either hold the certificate at the time of bidding or commit to obtaining it before the contract start date. This is a hard pass/fail criteria; there is no flexibility here.

Modern Slavery: If your turnover exceeds £36 million, you must comply with the Modern Slavery Act 2015 and provide a link to your annual statement. However, CCS often asks all suppliers, regardless of size, to confirm their approach to mitigating modern slavery risks in their supply chains. You should have a clear policy detailing how you assess suppliers and ensure fair labour practices.

Equality and Diversity: You must confirm you comply with the Equality Act 2010. This usually involves uploading your Equal Opportunities policy and confirming that no findings of unlawful discrimination have been made against you by an Employment Tribunal or court. Your policy must be up-to-date and actively implemented, not just a document sitting on a shared drive.

Carbon Reduction: For contracts over £5 million, PPN 06/21 requires a Carbon Reduction Plan (CRP) confirming your commitment to achieving Net Zero by 2050. The CRP must detail your current emissions (Scope 1 and 2, and a subset of Scope 3) and outline the steps you are taking to reduce them. Even for smaller SMBs bidding on lower-value lots, having a basic environmental policy and baseline emissions data is highly recommended, as these requirements are cascading down the supply chain.

Health and Safety: You will be asked to confirm your compliance with health and safety legislation. This usually involves providing your Health and Safety policy (mandatory if you have five or more employees) and detailing any enforcement notices or prosecutions by the Health and Safety Executive (HSE) in the past three years.

Worked example

Here is an illustrative example of how to structure a contract description for a Technical and Professional Ability response (often forming the basis of a COTPA) for a cloud migration lot on a framework like RM6263.

Contract Title: Legacy Infrastructure Migration to Public Cloud Customer: Department for Work and Pensions (Illustrative) Contract Value: £450,000 Start/End Date: Jan 2024 – Nov 2024

Description of Services Provided: We acted as the prime contractor to migrate the client's legacy on-premise case management system to a secure AWS cloud environment. The scope included architecture design, data migration (2TB of sensitive citizen data), and the implementation of a new CI/CD pipeline. We provided a multidisciplinary team including a Delivery Manager, two Cloud Architects, and a Security Cleared (SC) Data Engineer.

Relevance to Framework Specification: This contract demonstrates our capability in 'Cloud Migration Services' (Lot 2). We utilised agile methodologies (Scrum) to deliver the project in two-week sprints, aligning with the Government Service Design Manual. We conducted comprehensive user research during the alpha phase to ensure the new architecture met the needs of the internal caseworkers.

Outcomes Achieved: The migration was completed two weeks ahead of schedule and 5% under budget. The new cloud infrastructure reduced system latency by 35% and achieved 99.99% uptime over the subsequent six months. We ensured full compliance with NCSC Cloud Security Principles throughout the data transfer phase, passing all penetration tests with zero critical vulnerabilities.

Common mistakes

Failing to answer every part of a multi-part question. Many PQQ questions have sub-clauses. If you miss one, you fail. Break the question down and use sub-headings in your response to ensure you address every single point explicitly. Evaluators will not read between the lines; the evidence must be clearly stated.
Using outdated policies. Uploading a Health and Safety policy from 2019 or an Equality policy that does not reference the Equality Act 2010 shows a lack of compliance. Review and date-stamp all your core policies annually. An undated policy is often treated as an invalid policy.
Ignoring the word counts. PQQ text boxes often have strict character or word limits. If you write 600 words for a 500-word limit, the portal will truncate your answer, potentially cutting off your most vital evidence. Draft in a word processor first, check the character count (including spaces), and then paste it into the portal.
Assuming 'N/A' is an acceptable answer. Unless the guidance explicitly states a question is optional for your specific business type, never write 'N/A'. If you think a question does not apply, explain exactly why it does not apply based on the procurement regulations. A blank box or an unexplained 'N/A' is usually scored as a fail.
Leaving COTPA signatures to the last minute. Customers are busy. If you email them a COTPA form three days before the bid deadline, they might not sign it in time. Identify your reference contracts during the bid/no-bid phase and request signatures immediately. Have backup references ready just in case your primary contact is on annual leave.
Mismatching financial data. If your stated turnover in Part 4 does not match your uploaded audited accounts, the evaluators will flag it. Ensure your finance director reviews the economic standing section before submission. Any discrepancies must be clearly explained in a supporting document.
Providing generic case studies. A case study that says "we are great at IT" will score poorly. You must map the specific activities in your case study directly to the requirements listed in the framework specification. Use their language, not yours.

Frequently asked questions

What is the difference between a PQQ and an SQ?

They are effectively the same thing. The government officially rebranded the Pre-Qualification Questionnaire (PQQ) to the Selection Questionnaire (SQ) in 2016 to standardise the process via PPN 8/16. You will hear buyers and bid writers use the terms interchangeably, though SQ is technically the correct current terminology.

Do I need three years of accounts to pass?

No. While buyers ask for three years of turnover, the regulations state that newer businesses cannot be unfairly excluded. If you are a startup, you can provide alternative financial evidence, such as a bank reference, cash flow forecasts, or a statement of your current turnover since incorporation.

Can I use private sector contracts as references?

Yes. Unless the specific framework guidance explicitly forbids it (which is rare), private sector contracts are perfectly valid for demonstrating your technical and professional ability, provided the scope of work is highly relevant to the public sector requirement. The key is relevance, not the sector.

What happens if I fail a mandatory exclusion question?

You will be excluded from the procurement process immediately. The only exception is if you can provide robust evidence of 'self-cleaning'—proving you have paid relevant fines, cooperated with investigating authorities, and implemented new compliance measures to prevent recurrence.

Usually, no. The PQQ focuses on your backward-looking compliance and capability. Social value, which looks at what you will deliver in the future (such as creating local jobs or reducing carbon emissions), is almost always evaluated and scored during the Invitation to Tender (ITT) or award stage.

How long does a PQQ take to evaluate?

This varies significantly depending on the complexity of the framework and the number of applicants. For major CCS frameworks, the evaluation of the selection stage can take anywhere from four to eight weeks. You will be notified of the outcome via the eSourcing portal.