Direct procurement allows public institutions and local governments to meet needs below certain monetary thresholds more quickly, without going through a full tender process. In software and digital services, this method is frequently used for items such as websites, small-scale applications, integrations, maintenance and consultancy.
However, "fast" does not mean the process can be handled loosely. Software is not a physical product taken off a shelf and delivered; when its scope, sustainability and data security are not defined correctly, it can become a long-term burden for the institution. This guide outlines the core considerations institutions should evaluate when procuring software through direct procurement.
Clarify the scope with a needs analysis
The most common mistake in direct procurement is requesting quotes before the need is sufficiently defined. Generic phrases like "a website" or "an application" make it impossible to compare offers meaningfully and lead to gaps between expectation and delivery.
Before requesting quotes, it helps to put the following questions in writing:
- What concrete problem will the solution address, and which department will use it?
- Which modules, screens or functions represent the minimum expectation?
- What is the estimated number of users and data volume?
- Is integration with existing systems (e-government, document management, accounting, CRM, etc.) required?
- Are accessibility and mobile compatibility expected?
Even a short written definition of the requirement improves the comparability of offers and protects the institution at the delivery stage.
Remember that price alone is not a sufficient criterion
Price is an important factor in direct procurement, but in software the lowest quote rarely means the lowest total cost. A low-priced solution can become more expensive later due to missing functionality, source code that cannot be transferred, closed infrastructure or high maintenance fees.
Evaluate the total cost of ownership: licensing and subscription fees, annual maintenance, server/hosting costs, unit prices for additional development and training costs. The quote should specify item by item what is and is not included.
Delivery, source code and transferability
A critical concern for public institutions is becoming dependent on a single supplier. At the quote or contract stage, clarify the following:
- Will the source code be delivered to the institution, or is only a usage right granted?
- Is data stored in exportable, standard formats?
- When the service ends, can the data and system be transferred to another supplier?
- Will technical documentation and administrative access be handed over?
These questions protect the institution from long-term vendor lock-in and ensure that digital assets remain under the institution's ownership.
Data protection compliance and security
Public institutions are responsible for the personal data they process under Türkiye's data protection law (KVKK, Law No. 6698). When procuring software, data security is not an option but a requirement. Examine the following points in the solution offered:
- Where (domestic/abroad) and how the data is hosted
- Server-side validation, authorization and access controls
- Security measures in communication and form flows (e.g. bot protection, rate limiting)
- MIME and size validation on file upload fields, with private storage
- Privacy notices, explicit consent management and audit logging of transactions
Especially in citizen-facing forms and application systems, data must be processed not in a publicly exposed manner but within an authorized and auditable structure.
Sustainability, maintenance and support
Software is not a job that ends the moment it is delivered. Security updates, regulatory changes and user requests require ongoing maintenance. It is important that the quote clearly defines the warranty period, maintenance scope, defect resolution times (SLA) and support channels.
Also assess whether the solution can grow (scale) with future needs. An application that looks small today may have to be rebuilt from scratch if it is not built on a solid architecture when user numbers grow or new modules are required.
The supplier's corporate profile
In direct procurement, supplier selection should be evaluated as more than simply finding any party able to issue an invoice. Corporate structure, continuity of the technical team, a demonstrable solution approach and the capacity to honor the contract determine long-term trust, particularly in public projects. Companies operating within a technology development zone (technopark) and working with an R&D focus generally offer a more predictable profile in terms of sustainability and technical depth.
The VexCore approach
VexCore Teknoloji A.Ş. develops AI-powered software, custom enterprise development, data analytics, system integrations and operational control solutions for public institutions, local governments and private enterprises. It operates within Dijitalpark Teknokent with an R&D-driven approach. It offers Notivex for monitoring operational processes and managing notifications, Kurumsal Kimlik Ofisi for institutions' digital visibility, and KKO Radar for digital footprint and AI/GEO visibility analysis.
If you have a software or digital service need within the scope of direct procurement, a short needs-analysis conversation is a good starting point for defining the scope correctly and making a comparable evaluation. You are welcome to contact us to clarify your requirements and review the options together.