Award notification: Send formal letters via Public Contracts Scotland (PCS) or direct communication, including standstill periods if applicable.

Record decision: Document the award decision, including rationale, evaluation scores, and approvals.

Contract signing: Ensure both parties sign all contract documents.

Communicate obligations: Share the contract’s reporting, performance, and governance requirements with the supplier.

Transition plan: Develop a detailed plan covering:

• Responsibilities of the Contract Manager(s)
• Supplier on-boarding timeline
• Systems access, document handover, and key contacts
• Initial performance reporting schedule
• Communication and escalation procedures

Resource allocation: Ensure staff are assigned for monitoring, reporting, and day-to-day liaison.

Risk transfer confirmation: Confirm the supplier has accepted and understands risk responsibilities.

Technical readiness: Confirm any relevant technical systems, premises, or equipment are prepared for delivery.

Kick-off meeting: Hold a formal meeting with all relevant stakeholders and the supplier to review:

• Contract objectives, deliverables, Key Performance Indicators (KPIs), and timelines
• Governance and reporting requirements
• Risk register and mitigation measures
• Communication and escalation processes
• Initial invoicing, payment schedules, and milestones

Action log: Maintain a live log of actions and responsibilities arising from the meeting.

Supplier induction: Ensure supplier staff are familiar with reporting templates, IT systems, and relevant Scottish public sector policies.

Initial reporting period: Typically the first 1–3 months, focusing on compliance, milestone delivery, and financial tracking.

Check risk response: Review supplier’s approach to initial risks and ensure mitigation measures are in place.

Early corrective action: Address any deviations immediately to prevent escalation.

Document lessons: Capture handover lessons for future contracts.

Steering group oversight: Ensure a formal governance forum is in place for medium-to-high risk contracts.

Regular reporting: Agree the frequency (monthly or quarterly) for performance, risk, and financial reporting.

Escalation routes: Clarify which issues escalate and to whom – e.g. Contract Owner, Senior Reporting Officer (SRO), or senior management.

Audit and assurance: Ensure internal audit or independent assurance is scheduled for the first 6–12 months.

1. Proportionate to risk – higher-risk contracts require more robust planning and documentation.
2. Collaboration – early engagement with the supplier sets the tone for partnership working.
3. Transparency and documentation – all agreements should be minuted and filed.
4. Service continuity – the mobilisation plan must minimise disruption to service users.
5. Governance first – roles, responsibilities, and decision pathways must be agreed before work starts.

A structured handover ensures that the contract manager has the necessary information.

Procurement should provide the contract manager with:

• Signed contract / Terms and Conditions (T&Cs)
• Specification and schedules
• Tender responses (technical and commercial)
• Pricing schedules
• Scored evaluation sheets
• KPI and service level requirements
• Risk and issues identified during procurement
• Award letters and standstill documentation
• Transfer of Undertakings (Protection of Employment) (TUPE) information (if applicable)
• Data protection agreements
• On-boarding requirements

Handover Meeting Should Cover:

• Context and purpose of the contract
• Key risks highlighted during evaluation
• Supplier strengths and potential areas requiring attention
• Contract management expectations
• Mobilisation timeline and Go-Live target date

All documents should be stored in the contract/relevant file.

Internal Mobilisation Planning 

 Before meeting the supplier, the public body must align internally. Key actions should include:

Establishing the contract management team, including:

• Contract Manager
• Technical leads
• Finance
• IT/Data protection
• Human Resources (HR)/TUPE leads
• Legal (if required)
• Reviewing resourcing needs
• Mapping internal dependencies
• Agreeing internal governance (who approves what, and when)
• Checking budget availability and coding
• Identifying training needs (e.g., system access, technical knowledge)

Supplier Mobilisation Kick-Off Meeting 

 A formal kick-off meeting is essential in medium–high risk contracts.

Agenda should typically include:

1. Introductions and governance structure
2. Review of the contract objectives and outcomes
3. Mobilisation plan and timelines
4. Supplier resource allocation
5. KPI dashboard and reporting templates
6. Data and system access requirements
7. Business continuity expectations
8. Health & Safety, General Data Protection Regulation (GDPR), security or regulatory requirements
9. Risk review and new risks identified
10. Communication and escalation routes

The meeting should end with:

• A joint action plan
• Named points of contact
• Mobilisation timeline
• Agreement on next steps

Minutes should be recorded and shared.

Confirming KPIs, SLAs & Reporting 

Medium–high risk contracts require clear and tested performance measures from the start.

Actions:

• Walk through each KPI and Service Level Agreement (SLA) with the supplier
• Ensure definitions and measurement methods are clear
• Test reporting templates before Go-Live
• Agree frequency of monitoring (monthly/quarterly)
• Confirm data sources (supplier-provided vs internal systems)
• Agree tolerances and thresholds (green/amber/red)
• Identify KPIs that require base-lining during mobilisation
• Establish how under-performance will be addressed

The supplier must sign off on the agreed KPIs.

A dedicated contract risk register should be created before the contract starts.

Minimum required risk categories include:

• Service continuity
• Supply chain risks
• Financial stability
• Cybersecurity and data protection
• Health & Safety
• Workforce (including TUPE)
• Business continuity
• Dependency on subcontractors
• Political or reputational risks

Each risk should have:

• Likelihood and impact scores
• Owner (public body or supplier)
• Mitigation actions
• Early warning triggers

Risk registers should be reviewed at least weekly during mobilisation.

Medium–high risk contracts require documented, structured governance.

Governance should define:

• Roles and responsibilities
• Delegated authority levels
• Meeting structures:
  • Weekly or biweekly mobilisation meetings
  • Monthly contract review meetings (from Go-Live)
  • Quarterly strategic review meetings
• Reporting expectations
• Decision-making routes
• Dispute escalation procedures
• Audit and record-keeping requirements

This structure must be formally agreed with the supplier.

Early clarity prevents future misunderstandings.

Agreements should include:

• Operational contacts (day-to-day)
• Commercial contacts
• Senior escalation paths
• Emergency contacts
• Response times for routine and urgent communications
• How issues, risks and incidents will be reported
• Shared document locations (if applicable)

A communication plan/matrix should be issued to both sides.

A mobilisation plan is mandatory for medium–high risk contracts.

The plan should outline:

• Activities
• Owners
• Timescales
• Dependencies
• Risks
• Milestones
• Gate reviews (“ready for service” checkpoints)

Examples of mobilisation tasks:

• Staff on-boarding / TUPE transfers
• System access setup
• Site surveys
• Equipment installation
• Process mapping
• Business continuity rehearsals
• Trial runs / test scenarios
• Training delivery
• Data migration (if relevant)

The plan should be reviewed weekly.

Before Go-Live, a Readiness Assessment must be completed.

This should confirm:

• All staff are trained and cleared
• Systems and data access work
• KPIs and reporting are tested
• Business continuity plans are implemented
• Health and Safety and compliance checks passed
• Risks are within acceptable tolerance
• Stakeholders are informed
• Supplier has demonstrated ability to meet service levels

If concerns remain, Go-Live should be delayed or a controlled soft-launch used.

The formal Go-Live requires:

Sign-off from:

• Contract Manager
• Procurement Lead
• Senior Responsible Officer (SRO)
• Legal (if required)

A Go-Live communication sent to:

• Supplier
• Internal stakeholders
• Service users (if relevant)

A contract management pack should be finalised containing:

• Signed contract
• Mobilisation records
• KPI dashboards
• Risk register
• Communications and escalation map
• Meeting calendar
• Contact lists
• Reporting templates

Recommended Governance Tiers

1. Organisation Board/Senior Management Team
2. Senior Responsible Owner (SRO) / Contract Owner
3. Contract Manager (Operational Lead)
4. Commercial / Procurement Team
5. Technical / Service Leads
6. Finance Lead
7. Risk & Assurance / Legal
8. Supplier Relationship Manager (if formal model used)
9. Contract Users / Operational Stakeholders
10. Supplier-side Contract Manager

This structure supports accountability, escalation, transparency, and effective decision-making.

Organisation’s Board / Senior Management Team

Board / Senior Management sponsorship is critical to the success of an embedded Contract and Supplier Management approach.

The Board / Senior Management Team should take the ultimate strategic ownership of business critical strategic supplier(s). They should be fully committed to improving contract performance collaboratively with those suppliers.

Senior Responsible Owner (SRO) / Contract Owner

Overall accountability for contract outcomes.

Responsibilities

• Approves contract management strategy, KPIs, scorecards, and risk plans.
• Ensures compliance with Scottish Procurement Finance Manual (SPFM) and organisational governance.
• Chairs senior-level reviews (monthly/quarterly/biannual).
• Approves significant variations, extensions, or commercial decisions.
• Ensures adequate resources for effective contract management.
• Acts as escalation point for significant performance or financial risk.
• Provides reports to Executive Team or Board.

Contract Manager (Day-to-Day Lead)

Primary role for managing supplier performance and ongoing activities.

Responsibilities

• Develops and maintains the contract management plan.
• Manages KPI reporting, Balanced Scorecard and performance reviews.
• Oversees delivery of services against specification/SLA.
• Ensures continuous improvement and value-for-money initiatives.
• Maintains the contract risk register and ensures mitigating actions.
• Manages contract variations, change control, and compliance.
• Coordinates quarterly contract meetings and performance boards.
• Ensures accurate documentation and audit trail.

In addition, every contract should be managed by a nominated member of staff (‘contract manager/contract management officer’). In a collaborative setting, organisations should determine which organisation will take the lead in managing the contract. An organisation should ensure that there is clarity about the distinction between:

• contract management (the responsibility of the organisation)
• service management (the responsibility of the supplier)

The Contract Manager should have the mind-set to exceed rather than meet required goals. They will, deal with a constantly changing set of requirements. They need excellent communication and stakeholder management skills. They should be the principal owner of the supplier relationship and contract performance. They will be responsible for business-to-business relationships, contract management performance and contract management competencies, including:

• monitoring contract and supplier performance against KPIs and other specified performance indicators (in partnership with contract management contributors and end users).
• monitoring ‘take-up’ and spend through the Framework or Contract
• managing any reactive/unplanned issues which arise in relation to the contract(s)
• communication of performance and efficiency gains as a result of MI analysis
• drafting and issuing supplier or customer surveys where appropriate
• chairing and managing performance reviews with the supplier. This includes end user feedback, and disseminating outcomes
• managing any major performance issues and complaints
• facilitating and championing supply chain innovation, continuous improvement initiatives and best practice
• managing Framework Agreement variations, and communicating outcomes
• managing the extension of any optional extension periods (and/or the re-tender process and the supplier Exit Strategy)
• providing guidance and advice to end users as necessary
• MI validation

Procurement / Commercial Team

Provides strategic commercial assurance and compliance oversight.

Responsibilities

• Advises on governance, contractual interpretation, and commercial risk.
• Oversees contract variations, ensuring legal/commercial compliance.
• Supports annual contract reviews and strategic supplier assessments.
• Ensures adherence to Procurement Journey requirements.
• Provides market intelligence and benchmarking for Route 3 suppliers.
• Supports re-tendering and transition planning.
• Escalates issues involving non-compliance, breach, or poor Value For Money (VFM).

Technical / Service Leads

Ensures the service delivered meets required operational standards.

Responsibilities

• Monitors technical KPIs (e.g., quality, service levels, system availability)
• Reviews technical incidents, root cause analysis, and supplier proposals
• Approves technical changes, solution upgrades, or configuration
• Confirms delivery of milestones, outputs, and deliverables
• Provides expert advice in performance review meetings
• Ensures security, data protection, and health & safety compliance

Finance Lead

Ensures financial governance and cost control.

Responsibilities

• Verifies supplier invoices, reconciliations, and financial performance
• Tracks budgets, forecast spend, and identifies cost variances
• Oversees financial risk (e.g., indexation, inflationary impact)
• Assesses gainshare, efficiency savings, or cost-avoidance proposals
• Supports financial viability assessments of the supplier

• Ensures compliance with finance regulations and the Scottish Procurement Finance Manual (SPFM)

   

Risk, Assurance & Legal

Provides corporate oversight and risk assurance.

Responsibilities

• Supports contract risk assessment and escalation
• Ensures compliance with legal, regulatory, and statutory obligations
• Reviews serious incidents, conflicts of interest, and audit findings
• Advises on disputes, breaches, or termination scenarios
• Ensures appropriate approvals for major variations

Supplier Relationship Manager 

Used in mature organisations or for strategic suppliers.

Responsibilities

• Manages strategic partnership relations beyond day-to-day operations
• Facilitates innovation, improvement, and long-term planning
• Supports relationship health checks and strategic alignment reviews
• Provides insight to category strategies and portfolio management

Contract Users / Operational Stakeholders

Front line staff who use or receive the service.

Responsibilities

• Report issues, risks, or non-compliance in service delivery
• Participate in user feedback, testing, or acceptance processes
• Monitor operational performance that cannot be seen centrally

Stakeholders/end users contribute to contract and supplier management process by:

• supporting and championing supply chain innovation, continuous improvement initiatives and best practice
• facilitating the validation of end user feedback on contract and supplier performance
• contributing data to allow the  monitoring of supplier performance against KPIs and other specified performance indicators
• contributing to performance reviews with the supplier
• participating in the annual performance review
• operational management of compliance, supply, demand and payment at a local level
• managing supplier relationships relating specifically to operational issues
• providing contract/supplier performance data to contract management contributors
• referring supplier performance issues to the Contract Manager
• leading, supporting and championing supply chain initiatives

Supplier-Side Contract Manager

The supplier’s accountable representative.

Responsibilities

• Ensures contractual commitments are delivered
• Provides performance data, KPIs, and improvement plans
• Manages issue resolution and escalations
• Ensures appropriate governance and resourcing on the supplier side
• Leads corrective actions and service improvement initiatives

Contract Mobilisation (0–6 months)

• Confirm roles, governance, and escalation routes
• Set up KPI dashboards and or balanced scorecard and reporting
• Validate staffing, resourcing, and readiness plans
• Baseline performance and risks
• Ensure alignment with relevant commodity strategies and/or tender documents as appropriate

Business-as-Usual Delivery

• Monthly operations meetings.
• Quarterly performance review meetings
• Annual strategic review
• Continuous improvement and corrective action plans
• Audit compliance checks

Contract Variations and Change Control

• Transparent documentation
• Impact assessments (cost, legal, risk)
• Approval workflows
• Communication to all stakeholders

Contract Risk Management

• Maintain a live risk register.
• Risk scoring aligned with organisational frameworks
• Track mitigations and assurance actions
• Escalate red-rated risks promptly

Supplier Relationship Management (SRM)

• Relationship mapping (operational, tactical, strategic)
• Health checks or relationship assessments
• Joint improvement or innovation workshops
• Annual contract and supplier balanced scorecard

Monthly Operational Meeting

• KPI review
• Incidents, issues, and progress
• Short-term actions

Quarterly Performance Review

• Full balanced scorecard
• SLA performance
• Financial performance
• Change proposals
• Risk and compliance

Annual Strategic Review

• Value-for-money assessment
• Market comparison
• Business continuity and resilience
• Innovation and sustainability review
• Long-term planning

Medium/ high-value, medium/high-risk contracts should maintain:

• Contract Management Plan
• KPI dashboard and/or Balanced Scorecard
• Risk Register
• Issue Log and Action Tracker
• Change Control Register
• Supplier Performance Reports
• Governance plan
• Relationship Maps

This framework is suitable for medium–large public bodies. It can be applied to any Route 3 contract.

Purpose of the Governance Framework

To ensure:

• clear accountability
• robust risk management
• transparent performance monitoring
• value for money
• compliance with Scottish Public Finance Manual (SPFM), Procurement Journey, and internal governance
• strong supplier relationships while maintaining commercial discipline

Governance Structure 

Roles included:

• SRO – Senior Responsible Owner / Contract Owner
• CM – Contract Manager (day-to-day lead)
• PT – Procurement/Commercial Team
• SL – Service/Technical Lead
• FIN – Finance Lead
• R&A/LEG – Risk, Assurance & Legal
• SRM – Strategic Supplier Relationship Manager (if applicable)
• SU – Contract Users / Operational Stakeholders
• SUP – Supplier-side Contract Manager

Strategic Governance

• Senior Responsible Owner (SRO)
• Accountable for contract outcomes, risk exposure, financial stewardship and overall compliance.
• Chairs the Annual Strategic Review Meeting.
• Approves major variations, renewals, extensions, or commercial settlements.
• Provides updates to Audit & Risk Committee, Board, or Executive Team.
• Annual Contract Review Board

Participants:
SRO (chair), SRM (if used), CM, PT, FIN Lead, SL, R&A/Legal, Supplier’s senior representative.

Outputs:

• Strategic performance report
• Value-for-money assessment
• Innovation and improvement roadmap
• Re-contracting or extension decision

Tactical Governance

Quarterly Performance Board

Participants:
CM (chair), PT, SL, FIN Lead, R&A/Legal, SRM, Supplier Contract Manager.

Purpose:

• Review Balanced Scorecard results
• Review SLAs/KPIs, incidents, complaints, quality measures
• Assess risk register, financial position, and mitigation progress
• Track contract variations and change requests

Outputs:

• Quarterly performance pack
• Improvement action plans
• Updated risk and issues log

Operational Governance

Monthly Operations Meeting

Participants:
CM, SL, PT (as needed), SU representatives, Supplier Ops Lead.

Purpose:

• Day-to-day performance review
• Operational issues and incident review
• User feedback
• Short-term action logging
• Verification of KPI data

Outputs:

• Monthly KPI dashboard
• Issue/action log updates

Below are some suggested documentation that you should keep on record when managing Route 3 - high value, high risk contracts:

1. Contract Management Plan (CMP)
   • Roles and responsibilities
   • Governance structure
   • KPIs & reporting
   • Risk & contingency
   • Change control
   • Escalation routes
2. Performance Management Framework
   • KPI definitions
   • Data requirements
   • Scoring & weightings
   • Balanced scorecard
3. Contract Risk Register
   • Strategic and operational risks
   • Controls and mitigation
   • RAG scoring
   • Owner and review frequency
4. Issues & Actions Log
5. Change Control Register
6. Financial Monitoring Sheet
   • Budget v. actual
   • Forecasting
   • Invoice validation
   • Indexation tracking
7. Business Continuity & Disaster Recovery Assurance Checklist
8. Stakeholder Communication Plan
9. Exit & Transition Plan

The below table provides an example CSM meeting plan, this can be downloaded at the bottom of the page and amended as required to suit your contract.

Roles included:

• SRO – Senior Responsible Owner / Contract Owner
• CM – Contract Manager (day-to-day lead)
• PT – Procurement/Commercial Team
• SL – Service/Technical Lead
• FIN – Finance Lead
• SUP – Supplier-side Contract Manager