Commercial case

The commercial section of the Green Book business case focuses on the procurement strategy and delivery of the connectivity improvement project. It should outline how the project will be commercially viable, the route to market, contract management, and any implications for service delivery. This may be largely determined by existing contract relationships and suppliers, although for completeness, you should consider including content covering the sections below.

Examples of sections and content to include:

Market analysis: briefly discuss the market for connectivity infrastructure and solutions in healthcare, including an overview of available suppliers, technologies, and pricing structures. Identify potential vendors with experience in the NHS, or at least healthcare settings, and mention whether market engagement (such as request for information or market testing) has been conducted.

Procurement approach: describe the approach for selecting a supplier. This might include using existing NHS Shared Business Services or CCS frameworks and then running a competitive tendering process, or a direct award to a supplier. Justify the chosen approach based on factors such as cost, speed, complexity, and compliance with public procurement regulations.

Evaluation criteria: outline the criteria that will be used to evaluate potential suppliers, including cost, technical capabilities, experience in healthcare environments, scalability, security features, and after-sales support.

Technical specifications: describe the high-level requirements for the new infrastructure. For example, for a Wi-Fi network include required Wi-Fi standards, which systems and services access is required for, and any additional features the access points may need to support for internet of things (IoT) devices (BLE), Wi-Fi calling or real time location systems.

Minimum throughput along with other performance metrics such as round trip delays.

Specify, or get options for maximum throughput for the infrastructure from suppliers. For example, you may need to increase throughput in future and should ensure that network bearers can support this.

The expected capacity, or how many connections or devices the solutions should be able to support (where applicable).

Wi-Fi coverage surveys should drive the assessment of the actual number of access points and supporting infrastructure required.

Environmental requirements: describe any high-level environmental requirements such as dynamic power capabilities or management, or any environmental design constraints.

Performance metrics: define key performance indicators to be included in the supplier contracts, such as availability, response times for technical support work arounds and resolutions as well as service quality thresholds.

Define data security standards and requirements using the:

Data Security and Protection Toolkit (DSPT). This is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards. As data security standards evolve, the requirements of the DSPT are reviewed and updated to ensure they are aligned with current best practice.

Cyber Essentials. This is an effective, government-backed baseline scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber-attacks.

Resilience: describe the planned resilience. Are backups, for equipment or power supply, required and included? Do these differ across the technical options presented?

Terms and conditions: highlight key contractual terms, including duration, renewal options, exit clauses, payment milestones, penalties for underperformance, and warranty or support services. Bear in mind that CCS frameworks have comprehensive contract terms that favour the customer and will have been agreed by the suppliers on that framework.

Ensure that the terms and conditions, such as Service Level Agreements (SLAs) of any contracts align with your organisational Disaster Recovery and Business Continuity plans.

Risk allocation: discuss how risks (such as delays in implementation, cost overruns or technical failures) will be managed within the contract. Identify which risks will be borne by your organisation and which will be transferred to the supplier, such as warranties covering equipment failures.

Cost management: outline strategies to manage costs, including negotiating bulk discounts, fixed-price arrangements, or leasing equipment to reduce upfront costs. Discuss potential funding sources or budget allocations for the project.

Value for money: explain how the procurement approach ensures value for money. This could include competitive tendering to get the best price, selecting a supplier with a proven track record in healthcare, or incorporating service credits for performance issues.

Implementation plan: provide an overview of the delivery schedule, including key milestones (such as site surveys, equipment installation or testing phases). Identify roles and responsibilities for both your organisation and the supplier to ensure successful implementation.

Change management: describe how the contract will address changes. Include flexibility to adjust the scope, such as connecting new buildings to the infrastructure, extending Wi-Fi coverage to new wards, or outdoors to ambulance bays), and how it will keep up with new technology and avoid outdated systems over time.

Monitoring and reporting: outline how you will monitor the supplier's performance, including regular reviews, service-level reporting, and mechanisms for addressing issues. This might involve periodic audits or a dedicated contract manager.

Post-implementation support: include provisions for ongoing support, such as technical assistance, regular updates, and staff training. Define expectations for post-installation maintenance, including response times for repairs and software updates.

If the incumbent supplier has been selected, or incumbency is a factor in supplier selection you should explain how and why this has influenced the procurement process.

Aim to provide assurance in this section that the costs included are representative of market rates, that they have been competitively sourced and detail how they have been arrived at, for example, detailing how many suppliers have been contacted for pricing.

What physical access is required by suppliers to locations following the upgrade or change? For example, out-of-hours, change freezes, secure areas, escorting, security.

Confirm if you require a communications plan to ensure that staff at sites are aware of work happening and any impact on staff and sites.

Has the lifecycle support model for equipment, such as Wi-Fi access points, been assessed and included?

You should include a summary of your current connectivity estate and how it is performing. This can be supported by network performance monitoring data or the results from a Wi-Fi survey. Consider whether this work is a dependency for submitting the business case, or if surveying forms part of the business case.

You should seek the support and guidance of your local cyber security adviser and follow local and national policies and procedures.

It is strongly recommended that NHS organisations make use of the support and guidance provided by the National Cyber Security Centre (NCSC).