CCS RM6188 Network Services 3 Lot 4: Bid Strategy for Tier 1 Telcos
CCS RM6188 Network Services 3 Lot 4: Bid Strategy for Tier 1 Telcos
The Crown Commercial Service's RM6188 Network Services 3 framework represents approximately £4 billion of spend over its term, with Lot 4 addressing inter-site connectivity for large public sector estates. This is high-volume infrastructure work: central government departments, NHS trusts with dozens of sites, police forces requiring resilient multi-site links. The commercial reality matters here. Framework award gets you to the table, but profitability comes from call-off execution at margins that can be uncomfortably thin if your supply chain or accreditation posture isn't right.
Lot 4 sits at the more technically demanding end of the spectrum. You're dealing with buyers who understand the difference between active-active and active-passive failover, who will interrogate your geographic separation of infrastructure, and who expect granular SLA structures that differentiate between backbone failure and last-mile issues. The technical evaluation reflects that depth.
Technical Evaluation Criteria That Determine Award
CCS structures the Lot 4 evaluation around three core areas: service level depth, resilience architecture, and security accreditation. Each carries weight, but they're not evenly distributed and the weighting tells you where CCS expects Tier 1 providers to differentiate.
SLA depth accounts for roughly 25% of technical scoring in most recent iterations. CCS wants to see SLAs that segment by fault domain. A single aggregated uptime commitment across all sites doesn't demonstrate technical understanding. Buyers expect to see distinct commitments for backbone availability, access circuit performance, and fault response by site classification. You'll need restoration time commitments that vary by circuit type and geography, with clear escalation paths when thresholds breach. The suppliers who score well build SLA matrices that align to operational reality, not marketing aspiration.
Resilience architecture typically carries 35 to 40% of the technical weighting. This is where active-active versus active-passive configurations matter commercially, not just technically. Active-active resilience costs more to deliver but reduces single points of failure. CCS evaluators understand this trade-off and will test whether your proposed architecture genuinely supports the resilience tier you're claiming. Geographic separation of infrastructure is non-negotiable for higher resilience tiers. If both your primary and secondary paths traverse the same physical points of failure, or if both terminate in the same data centre, your resilience claim collapses under technical scrutiny.
Security accreditation forms the remaining 35 to 40%. This isn't about holding a certificate. It's about demonstrating an end-to-end accreditation chain that meets NCSC guidance and supports IL3 workloads and above. Your own ISO 27001 certification matters, and we've covered whether ISO 27001 is worth pursuing for CCS bidders elsewhere. But Lot 4 also requires you to evidence how your supply chain partners meet the same bar, how you handle encryption key management, and how you support buyers who need to segregate classified traffic from general network use.
The relationship between Cyber Essentials Plus and ISO 27001 for public sector bids becomes relevant here. Cyber Essentials Plus is table stakes, but it won't carry you through IL3 conversations. You need demonstrable alignment with NCSC cloud security principles and the ability to evidence that alignment through accreditation, architecture documentation, and operational process.
Commercial Reality and Margin Dynamics
Framework award on RM6188 Lot 4 doesn't generate revenue. Call-off wins do, and the commercial structure of those call-offs determines whether this is profitable work or a cost centre with strategic value only.
Public sector buyers using RM6188 for large estates typically run further competitions or direct awards depending on value and complexity. Direct awards below OJEU thresholds happen, but most material call-offs involve some form of competitive process among framework suppliers. Your framework pricing anchors negotiations, but call-off pricing reflects actual delivery cost and competitive tension at the point of procurement.
Margins on high-volume inter-site connectivity work sit in the 8 to 15% range for well-optimised suppliers. That optimisation depends almost entirely on supply chain economics and operational efficiency. If you're buying wholesale capacity or leasing last-mile access from other infrastructure providers, your margin compresses quickly. If you own significant physical infrastructure and can deliver on-net, margin improves. The difference between profitable and marginal call-offs often comes down to what percentage of the required sites you can serve without wholesale dependencies.
This creates a structural issue for some Tier 1 providers. Owning national fibre infrastructure doesn't mean you own access to every NHS community hospital or regional police HQ. The economic question is whether you invest in extending physical reach to improve margin on future call-offs, or whether you accept wholesale costs and compete on service differentiation instead. That decision needs to happen at framework application stage because it shapes your resilience architecture and pricing model.
Sovereign Cloud and Data Residency Requirements
Late 2025 brought revised requirements around data residency and sovereign cloud principles. These changes don't rewrite the framework, but they materially affect how you design and describe your solution architecture for certain buyer types.
The core requirement is straightforward: all network management data, traffic metadata, and configuration information for public sector networks must remain within UK jurisdiction. That includes data flowing to or processed by your network management platforms, orchestration tools, and monitoring systems. If your network operations centre relies on cloud-based management platforms hosted outside the UK, or if traffic analysis data feeds into systems subject to third-country legal jurisdiction, you have a compliance gap.
This affects Tier 1 providers with global operating models more than UK-centric players. Centralised NOCs in European or US locations, shared management platforms across international customer bases, and consolidated data lakes for network analytics all create potential conflicts with the new residency expectations. The fix isn't necessarily expensive, but it requires architectural separation that some providers haven't built yet.
Sovereign cloud principles extend beyond data location. CCS increasingly expects suppliers to evidence operational separation: UK-based staff with security clearance handling government network operations, separation of government traffic from commercial customer environments, and demonstrable limits on third-party access to management systems. If your service delivery model relies on offshore support tiers or third-party managed service partners without UK nexus, you'll need to redesign or accept that certain call-offs will be out of reach.
Three Structural Decisions at Framework Stage
Tier 1 telcos approaching RM6188 Lot 4 face structural choices that can't easily be revised post-award. These decisions shape competitive positioning for the framework term.
First, infrastructure ownership versus partnership. Will you bid based primarily on owned infrastructure with targeted wholesale partnerships to fill gaps, or will you construct a solution heavily dependent on wholesale access and third-party providers? The former offers better margin potential but requires honest assessment of geographic coverage. The latter provides broader nominal reach but compresses margin and introduces supply chain risk. CCS evaluates both models, but buyers at call-off stage often favour solutions with lower supply chain complexity when resilience is critical.
Second, accreditation scope and timing. Will you pursue NCSC certification for specific network patterns and IL classifications before framework award, or will you describe a pathway to accreditation with delivery post-award? Early accreditation costs money and takes time, often six to nine months for complex network environments. But it differentiates at award stage and removes a barrier at call-off. Pathway descriptions are acceptable, but they don't score as strongly and they create delivery risk if certification proves harder than anticipated.
Third, management platform sovereignty. Will you architect UK-sovereign network management and orchestration capabilities, or will you retain global platforms and accept that some buyer requirements will be out of scope? This decision affects capital allocation and operational model. UK-sovereign platforms require investment and may reduce economies of scale if you're operating similar platforms elsewhere. But they unlock call-offs from buyers with strict residency requirements, and that population is growing.
These aren't binary choices with obvious right answers. They're trade-offs between investment, margin, addressable market, and competitive differentiation. The mistake is deferring them until call-off stage, when architectural constraints and commercial commitments limit your flexibility.
RM6188 Lot 4 rewards suppliers who understand that framework award is commercial qualification, not commercial success. Success comes from call-off wins at margins that justify the operational complexity. That requires decisions at framework stage about where you'll compete and what you'll build to compete effectively.
At Glaxtons, we work on success fees tied to call-off contract wins, not framework awards. We only earn when you convert framework access into revenue.
Book a call at www.glaxtons.co.uk/contact
Glaxtons, 3 More London Place, London SE1 2RE