This is pretty normal for government procurement, though. and in fact, most large organisation procurement. There's a whole wall of standards that the supplier must meet, e.g. ISO9000 that your little web-dev shop almost certainly doesn't. They won't buy from a supplier that is likely to go out of business. There's a ton of other criteria that you've got to meet to get the business. If there's any, even the slightest, chance that buying from a business might one day reflect badly on the civil servant in the procurement office, then they won't buy from that business. The civil servant has nothing to lose from saying "no" and runs a risk if they say "yes".

Businesses that do meet these criteria charge like wounded bulls. In part because they know that all the other businesses that the govt could turn to will also charge like wounded bulls.

I think you're being a little unfair to the civil servant who has to follow the law regarding procurement.

I once knew someone who had to solicit 3 bids and document them to buy a $500 camera for local government. They weren't thinking "I am useless and craven", they were thinking "this is silly but I have to do it".

> If there's any, even the slightest, chance that buying from a business might one day reflect badly on the civil servant in the procurement office, then they won't buy from that business.

This is an absurd statement that might as well come straight out of Yes Minister. Buying from PWC reflects badly on them already, let alone when their next scandal happens. Which is of course never far away [0].

I'm sure Fujitsu met similar "criteria" when selected for Horizon. How well that selection reflected on the procurement office..

[0] https://en.wikipedia.org/wiki/PwC#Litigation

When was the last time you touted for this sort of business?

Strictly speaking its ISO 9001 but we do the same as you and call it ISO 9000. You forgot 27001 and 14001.

I wrote a relevant article on this last year "On-Time and Under-Budget. Where some IT projects are Probably Going Wrong." [https://rodyne.com/?p=2074]

ISO9000 is, bar none, the most brilliant grift I have ever encountered. It's so simple, yet so elegant.

Step 1: Come up with an incredibly easy to meet standard (because you don't want anybody abandoning the process because it's too much of a hassle) that sounds like a reasonable requirement on paper (to make it easy to pitch as a basic requirement of doing business). Say, "Have a plan for the things you do".

Step 2: Add one additional requirement to your standard: "Prioritize Vendors that meet this standard".

Step 3: Obscure the hell out of the standard, (to not make the grift too obvious) and stick it behind a paywall.

Step 4: Franchise out the (nigh-impossible to fail) "approval" process to 3rd parties, who pay you for the privilege.

Step 5: Your first few "standardized" companies put pressure on their vendors and customers to get certified, so they hire consultants, who in turn pay you, who tell them "Good job, you meet the standard. But do your vendors?".

Step 6: Watch as the cash floods in.

(Optional, Step 7): Once a bunch of major companies are certified, target governments to do your marketing push for you.