5 things every GCF public sector organisation needs to cut IT costs


There’s been a revolution going on in the world of IT services for public sector organisations over the past year or so. It’s put choice and cost savings into the hands of every one of the near 600 public sector organisations that currently use the GSi Convergence Framework (GCF) contract to purchase many of their important IT services.

But it seems that some organisations may miss out on this opportunity if they don’t move quickly. That means you could be locked into a deal that limits your choice and flexibility, and costs you far more than it should.

So, if you’re currently a GCF customer - and that’s pretty well every PSN-connected organisation across the country - your contract will likely expire between December 2016 and March 2017. That means you’ll need to buy some alternative services to replace the ones included in the GCF contract to continue to reach the important government and law enforcement services you need.

Choosing your services

You can choose whichever services you need, and whoever you want to provide them. It’s entirely up to you and your organisation’s needs.

But it’s important that you start right now. Here are the 5 things you should be doing:

  1. get an email service
  2. make sure you have a network connection
  3. cancel the services you don’t need
  4. get ready for a new DNS service
  5. tell us if you’re using N3 or TESTA

Get an email service (and look to the cloud)

Your current GCF contract includes an email relay and gateway service (it’s part of your GCF core services bundle) that allows your organisation to email other public sector organisations that are also connected to the same network.

You’ll be using this service if your email domain is,, or

Currently, these domains run under the GCF contract but, as it’s ending soon (it must end by March 2017), you’ll need to choose an alternative email service.

The good news is that these domains aren’t locked to the GCF contract, so you can take your, or other email domains with you to any new service provider. And that includes a public, cloud-based email service.

I know people have lots of questions about this, especially about email security. The government guidance around this is that it’s perfectly okay for you to move your domain to a public cloud service. You just need to able to show that you have protection in transit, verification of sender/recipient and assurance of security at each end. It’s the same process as you’ve done in the past, just in a slightly different way.

Nick Woodcraft, from the Common Technology Services (CTS) team, wrote an excellent blog post that explains the thinking behind the updated policy on securing government email. CTS have also recently published guidance to help public sector organisations understand the policy, and provide you with the information you need to help you move to a cloud-based service.

Take a look at Nick’s blog post and check out the guidance and, when you’re ready to find a solution that suits your business, visit the Digital Marketplace.

There are already more than 200 organisations in central and local government, and over 150 in health and police using public cloud services, so you’ll be in good company.

Wherever possible you should move to a cloud-based email service. Government has been advocating a Cloud First policy since 2013. If you don’t yet have the desire or capability, you could buy or re-use an existing on-premise email service, and point it to a cloud-based spam and virus filtering service. Just take a look at Digital Marketplace if you need a supplier.   

Make sure you have a connection

If you have a GCF contract, it’s likely that you have purchased network connectivity through the framework: it’ll usually be called a ‘GCF connectivity’ or ‘GCF access’ service on your contract.

Like your email relay and gateway service, the network connectivity service will end by March 2017 at the latest and you’ll need to choose an equivalent service from the Network Services agreement (RM1045).

This agreement provides you with access to networks and telecommunications services, including PSN compliant services. It provides savings, choice and flexibility for all publicly funded organisations; while ensuring compliance with the wider government technology strategy through our ongoing engagement with Government Digital Service (GDS).

You may know there are two types of PSN network connection: PSN assured and PSN protected. PSN protected is more expensive because it provides network-layer encryption. PSN-connected organisations can now move from the protected to the assured network, because they can use application-layer encryption, which is readily available and removes the expensive overhead of network-layer encryption.

If you currently have a PSN protected connection, you could save money and get the same security if you switch to the assured network and use application-layer encryption on your services. Nick’s guidance describes how you can do this for email.

If you need any help when you’re choosing your network connectivity please contact CCS.

Cancel the services you don't need

This is a really important item and one that often gets overlooked. You’ll need to cancel all the services you don’t need and won’t use. And the sooner you do that, the sooner you’ll be able to make big savings.

You can cancel your services by contacting your GCF service provider directly. If you need any help with this, please contact CCS.

Get ready for a new DNS service

Your current GCF contract includes a paid-for Domain Name System (DNS) service, which will end when your contract ends. GDS is currently working to buy a new DNS service which will be offered for free to PSN-connected organisations.

This new service will be more secure and it will process DNS change requests much more quickly than before. Depending on the final agreement, it may also include self-­service tools that let you manage your own namespaces directly, including their visibility from the PSN and from the internet.

As soon as we’ve confirmed the details we’ll let you know about the new service, how you can switch over to it and give you guidance on some minor configuration work you’ll need to do to take full advantage of the new service.

In the meantime, there’s no need to run your own procurement for a central PSN DNS service.

Tell us if you’re using N3 or TESTA

Again, as part of your current GCF contract, there are some services included that few organisations actually use. If you don’t use these services then simply cancel them with your provider (and you’ll be able to save money!)

However, If you’re a public sector organisation you may use the peer-to-peer connection to N3:the national network that connects all NHS locations across England.

Or, if you’re a central government department, you may use the European Commission network, called TESTA-ng, to exchange data with other public administrations across Europe.

GDS is currently developing plans to ensure these services continue to work. As soon as we’ve confirmed the details we’ll let you know about the new service, and what you’ll need to do to make sure you can connect to and use them.

In the meantime, let the GDS team know if you’re using the N3 or TESTA service so they can let you know when the new services are available.

Next steps

We’ll continue to work with GDS and the supplier community to make progress with the services that still need to be finalised. We’ll keep you up to date as the status develops and provide more details about the new services and how you can connect to them (and let you know about any changes you may need to make).

We’re expecting this work to be completed within the next couple of months, so keep watching this blog. If you have any questions about any of this, contact CCS or the email the GDS team.

Tony Brown is the Category Lead at Crown Commercial Service (CCS)

Sharing and comments

Share this page