Start date: Wednesday 1 January 2020
Value: £2,860,959.20
Company size: SME
Information Application Services (IAS), Directorate of Information, Army HQ


5 Incomplete applications

2 SME, 3 large

2 Completed applications

2 SME, 0 large

Important dates

Thursday 26 September 2019
Deadline for asking questions
Thursday 3 October 2019 at 11:59pm GMT
Closing date for applications
Thursday 10 October 2019 at 11:59pm GMT


Summary of the work
IAS is a Software House and Hosting Provider to Army and wider Defence. It designs, delivers and maintains solutions within its Private and Public cloud environments. This requires a core team of domain experts in the technologies that underpin this capability
Latest start date
Monday 18 November 2019
Expected contract length
2 years
South East England
Organisation the work is for
Information Application Services (IAS), Directorate of Information, Army HQ
Budget range

About the work

Why the work is being done
IAS provides private clouds for intranet and internet users. It develops and hosts 70+ applications on these clouds. The applications are used by Regular Army, Reserves, Civil Servants across Army and wider Defence and include apps for ERP, HR, logistics, etc.
The private clouds must be secure, performant and highly available.
IAS are using DevSecOps to deliver applications and services through a fully automated delivery pipeline onto the production Oracle/Linux and Microsoft. 4th Line Support is required to maintain, remediate and implement minor changes/upgrades.
The supplier also needs to provide additional technical resource on demand as requirements evolve.
Problem to be solved
Provision of a cost effective, flexible architecture and design service that can meet the demands of IAS. This includes support and maintenance of the current applications/services and infrastructure. The service must also provide solution design and delivery of services for new requirements that are technology agnostic.
The service must also define and maintain a technological roadmap for IAS that is aligned to business needs, is coherent with Defence's requirements and leverages industry best practice.
Who the users are and what they need to do
The users of the Applications and Services are Regular Military, Reserves, Civil Servants and contractors across Defence. The users log onto the Ministry of Defence Network(s) or internet facing intranets and browse to appropriate URLs. Access is granted via single sign on.
IAS requires that the private clouds hosting these applications provide a robust and performant environment. They must deliver the required SLAs. The service must provide 4th line technical support to the infrastructure in addition to delivering design and implementation of new technologies meeting evolving requirements. The service will downstream knowledge to the 2nd and 3rd line support teams.
Early market engagement
Any work that’s already been done
Existing team
The existing team consists of various parties to support the full software development life-cycle. This includes areas such as infrastructure support, support to ops, in-service management, programme management and service transition. These areas are provided by a combination of military personnel, civil servants and personnel from other suppliers.
It is essential that all the teams work as one coherent whole. There is a "no blame" culture where flexibility is required from all teams to overcome problems and deliver a seamless, quality service to the end users.
Current phase

Work setup

Address where the work will take place
The place of delivery for the service shall at such location(s) as agreed between the outcomes supplier and the Authority. The primary location for IAS is Army Headquarters, Andover, Hampshire
Working arrangements
It is expected that the majority of the work will be conducted from Andover. The MOD WAN environments are hosted at Andover and Farnborough. The public facing environments (AWS/Azure - UK Based) are hosted in commercial Data Centres and supported remotely.

Travel and subsistence will not be paid when working at the primary location. Should the Authority require the resources to work at a different location/travel for meetings, reasonable expenses MAY be considered on a case by case basis.

The supplier will deliver to IAS standards, policies and processes.
Security clearance
All team members require a minimum of Security Check. A number of the Key Roles require Developed Vetting (see SOR, Table 1 - Minimum FTE Resource Structure for more information)

Additional information

Additional terms and conditions
DEFCON 5J (Edn 18/11/16) Unique Identifiers
DEFCON 76 (Edn 12/06) Contractors on site
DEFCON 129J (Edn 18/11/16) Electronic business Delivery Form
DEFCON 513 (Edn 11/16) Value Added Tax
DEFCON 516 (Edn 04/12) Equality
DEFCON 518 (Edn 02/17) Transfer
DEFCON 531 (Edn 11/14) Disclosure of Information
DEFCON 534 (Edn 06/17) Subcontracting/Prompt Payment
DEFCON 537 (Edn 06/02) Rights of Third Parties
DEFCON 550 (Edn 02/14) Child Labour/Employment Law
DEFCON 566 (Edn 12/18) Change of control of contractor
DEFCON 642 (Edn 06/14) Progress meetings
DEFCON 658 (Edn 10/17) Cyber (if over Not Applicable)
DEFCON 694 (Edn 07/18) Accounting for Property of the Authority

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Must have minimum 5-years proven/demonstrable experience (dependent on SFIA level) in the provision of the technical solutions listed within Schedule 1 of SOR within a large disparate organisation (10-points)
  • Worked in a large organisation supporting Agile methodologies to design/develop secure, scalable enterprise level applications hosting platforms using VMware, Oracle, Red Hat and Microsoft technologies (10-points)
  • Must have minimum 5-years proven and demonstrable experience as the Design Authority for large hosting environments or infrastructure projects (8-points)
  • Recent hands on knowledge and experience with the deployment, configuration and support of NVME based Pure Storage FlashArrays and FlashBlades (8-points)
  • Extensive hands on knowledge and experience with Proliant compute hardware, Cisco adaptive security appliances, Nexus switches, BlueCoat Packet shapers, DeepSecure datadiodes, Enterprise Catapans and Gemalto HSMs and keys managers (10-points)
  • Minimum of 3-years experience of delivering Enterprise PKI hosted solutions and running a Level 1 Certificate Authority (L1CA) service within a highly secure defence accredited environment (5-points)
  • Must have demonstrable experience within last 3-years of DevSecOps automation using Ansible and Ansible Tower to provision platform infrastructure as software (8-points)
  • Demonstrable experience within last 3-years presenting/briefing enterprise influencers and C-Level management to support business cases and courses of action.  Requires ability to deliver clearly and confidently unpalatable information (8-points)
  • Demonstrable experience within last 3-years of DevSecOps expertise building PaaS container technologies (Docker, Kubernetes) using Pivotal Cloud Foundry or Red Hat OpenShift within a secure, Defence accredited hosting environment (10-points)
  • Extensive and demonstrable expert market knowledge of industry trends and emerging technologies (4-points)
  • Demonstrable experience within last 3-years of successfully building secure, accredited, software defined hosting infrastructure that collect/manage personal and/or sensitive information with appropriate controls/protection in-line with JSP440 JSP480 JSP604 (12-points)
  • Demonstrable experience within the last 5-years of delivering to Defence enterprise level standards and policies (15-points)
  • Demonstrable experience of leading the integration of large multi-tier COTs applications into a highly secure and current Defence hosted and accredited environments (10-points)
  • Recent and demonstrable experience of delivering High Level and Low Level Solution Design documents based on Oracle, Microsoft, VMware and Red Hat technologies (8-points)
  • Proven and demonstrable experience delivering, managing and maintaining and gaining accreditation for a secure Private Cloud within a defence or government network (8-points)
  • Extensive demonstrable experience of designing, reviewing, delivering secure multi-tier hosting platforms based on Windows 2012 R2/2016/2019 and Red Hat Linux 6.x and 7.x OSs into secure SDDC based environments (8-points)
  • Minimum 4-years design and implementation experience of delivering solutions that include VMware NSX-v, SRM, vRealize Automation and vCloud suite (8-points)
  • Proven experience of designing/delivering a SIEM solution utilising MicroFocus ArcSight software and appliances within a secure environment. Using vulnerability scanning  tools to diagnose security issues within system infrastructure (8-points)
  • The Team supplied must be poly-skilled SFIA level 5 to 7 Architects and Infrastructure Engineers. Domain expertise in Oracle, Microsoft, VMware, RedHat, Enterprise Storage and Networking (12-points)
  • Demonstrable experience within last 3-years of successfully integrating systems via APIs, including on-premise and other cloud-based services (8-points)
Nice-to-have skills and experience

How suppliers will be evaluated

How many suppliers to evaluate
Proposal criteria
  • Say how you will meet the buyer's technical requirement (3-points)
  • Approach and methodology to meeting the requirements outlined in SOR (2-points)
  • Approach for transition of service, running and knowledge transfer (6-points)
  • Give examples of KPIs and SLAs that you would be prepared to commit to for this contract (2-points)
  • Provide an exit plan for the transition to an alternative supplier at the end of the contract and enable the transition (2-points)
  • Provide evidence of team skills/experience for undertaking the work. How will they work together. List roles, responsibilities current clearance levels and number of people for each role/stage (10-points)
  • Provide team structure, CVs and relevant experience of the team who could be part of the service as defined in Schedule 2 of SOR (10-points)
  • Provide a minimum of one reference-able client-focused case study where your proposed team have provided the desired service capability (3-points)
  • Ability to mobilise the team quickly and approach to service continuity (4-points)
  • Explain your plan to retain key resources/skills for contract duration and how you can commit to meet IAS' continuous, growing need for domain experts across multiple technology disciplines (4-points)
  • Ability to scale up and down resources, whilst ensuring quality and consistency (2-points)
  • How will the proposal optimise costs and generate savings. Detail specifically how you will minimise transition costs between current team and new supplier (3-points)
  • Identification of the risks and dependencies associated with this requirement and your proposed mitigation (2-points)
  • Resources must have experience within the last 3-years of working on all technologies listed in Schedule 1 SOR. Provide matrix showing required skills against each resource. Prove these capabilities (12-points)
  • Describe how you will ensure you meet IAS’s requirements and how you will rectify any service performance shortfalls. Provide likely timelines for these rectification activities (2-points)
  • IAS deliver in a diverse and complex environment. Describe how you deal with high levels of “unplanned” activities in parallel with a demanding programme of scheduled activities (2-points)
  • Provide example of major service effecting incident when your team was delivering TDO. Describe your approach to minimising effects, approach to problem resolution and your RCA methodology (2-points)
Cultural fit criteria
  • Proven experience in last 3-years of an open/collaborative working relationship at all levels with excellent communication and co-ordination skills when conducting team meetings, presentation and demonstrations
  • Has a no-blame culture and encourages people to learn from their mistakes, working as "one team"
  • Suppliers must demonstrate an ability and willingness to work collaboratively within a multi-vendor delivery environment
  • Able to communicate effectively with users and wider technical teams to solve issues amongst complex integrations
  • Proven ability to add value to IAS through the use of innovation, continuous improvement and cost savings utilising technology
Payment approach
Capped time and materials
Assessment methods
Written proposal
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. Please can the Authority confirm how this opportunity differs from the identically-named opportunity posted at "" which was recently cancelled?
This opportunity is exactly the same apart from the start date of the contract which is now 18 November 2019
2. The majority of the "essential criteria and experience" read as references to individual people. As the number of years are not necessarily relevant to corporate experience in the area. How do you expect us to answer these questions?
We require a team with the necessary skills and experience to help deliver outcomes in a fast and agile arena. We therefore need to understand the experience and skills the supplier can bring to the department by providing responses against the criteria indicated in the advert.
3. Can the authority please confirm the IR35 status of the roles within this assignment?
As the Authority is contracting out the services to a third party and the workers do not personally provide their services to the Authority, IR35 does not apply in this instance. IAS would be willing to accept a substitute, have limited supervision in terms of requesting outcomes and no mutuality of obligation to the supplier. Our behaviour and working practices are designed to be in keeping with a service provision.
4. Can the authority please confirm the IR35 status of the roles within this requirement?
As the Authority is contracting out the services to a third party and the workers do not personally provide their services to the Authority, IR35 does not apply in this instance. IAS would be willing to accept a substitute, have limited supervision in terms of requesting outcomes and no mutuality of obligation to the supplier. Our behaviour and working practices are designed to be in keeping with a service provision.