Awarded to Methods Business and Digital Technology Limited

Start date: Monday 9 December 2019
Value: £206,200
Company size: SME
Department for International Trade

DIT Consent Service

25 Incomplete applications

22 SME, 3 large

20 Completed applications

17 SME, 3 large

Important dates

Friday 4 October 2019
Deadline for asking questions
Friday 11 October 2019 at 11:59pm GMT
Closing date for applications
Friday 18 October 2019 at 11:59pm GMT


Summary of the work
Development of a data service for consolidating, storing and managing consent for personal and company information being processed by the Department for International Trade.
Latest start date
Monday 25 November 2019
Expected contract length
3 months with possible extension options
Organisation the work is for
Department for International Trade
Budget range
DIT anticipates that the Alpha and Beta phases should cost no more than £200k - £250k.

SOWs may be have different charging mechanisms depending on the type of work that is being carried out (e.g. Fixed Price, Capped T&M, etc.)

About the work

Why the work is being done
The Department for International Trade (DIT) provides both digital and non-digital services to UK and international businesses. This requires us to store and process data about individuals and companies. Currently, we capture consent in various ways and for various purposes.

We need to develop a new consent service to act as a central database of customer consent. A Beta service needs to be built for this, which will include integration with existing digital services - including our website, our internal customer relationship management system and our e-mail marketing software. This will enable the department to meet its regulatory obligations, whist also providing an essential component for improved cross-channel services.
Problem to be solved
There are multiple problems to be solved:
- the department captures consent inconsistently
- customers are asked for their consent repeatedly, in an inconsistent way
- DIT staff do not always know where to look to find out what a customer has consented to
- consent information stored in one system is unavailable for use in another
Who the users are and what they need to do
Individuals representing a company that is seeking support from the Department for International Trade need to know what the Department will do with their personal data and data about their company, and must be able to control this by giving or removing consent so that they know what future contact to expect, and that their data is being handled appropriately.
Early market engagement
Any work that’s already been done
The DIT Digital Team has developed partial solutions for capturing and managing consent within individual services, but has not consolidated this work. Early technical discussions have taken place among our technical architecture team, who have defined a preferred approach, though we would welcome suggestions for improving this.

Any work that has already been done will be shared with suppliers and the shortlisting stage.
Existing team
The successful supplier will work with a part-time DIT product manager and will have access to existing user research findings to deliver this outcome.
Current phase
Not started

Work setup

Address where the work will take place
Windsor House, 50 Victoria Street, London, SW1H 0TL
Working arrangements
Team members provided should be co-located with the Department’s other digital delivery teams at Windsor House.
Security clearance
All staff should have minimum BPSS level security clearance in place before work is started. Developers and any other roles requiring database access should have SC level security clearance before work is started.

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Demonstrate experience and technical competence developing Python Django applications, using Postgres databases and developing user-facing forms using Node.js and React (5%)
  • Demonstrate experience delivering new services and components which are integrated into existing digital services, particularly including API integrations (5%)
  • Demonstrate experience in conducting and analysing user research, and writing advanced and prioritised user stories (5%)
  • Demonstrate experience working on digital services to meet data protection or equivalent information regulations (5%)
Nice-to-have skills and experience
  • Demonstrate experience in the planning and delivery of user-centred, agile projects, following the Government Service Standards and Technology Code of Practice (3%)
  • Demonstrate experience delivering a similar project within the public sector (2%)

How suppliers will be evaluated

All suppliers will be asked to provide a written proposal.

How many suppliers to evaluate
Proposal criteria
  • Describe how you envisage a central consent service will work, including technology stack and integration points (10%)
  • Create a delivery plan for the project, including estimated time frames for the work and any risks and dependencies (10%)
  • Describe your team set-up (including roles and experience) and how you would adapt the team to changing priorities (10%)
  • Describe how you will ensure DIT staff are up-skilled and ready to take on operational control and support upon completion of the work (5%)
Cultural fit criteria
  • Demonstrate your ability to work with multiple teams on the same platform, sharing components, reviewing each others work and promoting a collaborative work environment (5%)
  • Demonstrate your ability to deliver in an open, collaborate, agile way according to the principles outlined in the Government Service Design Manual (5%)
Payment approach
Capped time and materials
Additional assessment methods
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. Could you please confirm how Authority capture consent in various ways and for various purposes?
Consent is currently captured and managed in the following systems:
• DIT’s e-mail marketing software – individuals are able to unsubscribe from marketing emails
• Forms and services on DIT’s website, – acceptance of Ts&Cs, various options for individuals to subscribe/unsubscribe for e-mail marketing, implicit and explicit consent to processing and sharing of individual data
• DIT’s in-house customer relationship management system, Data Hub – tracks marketing email preferences (manually synced with e-mail marketing software)
2. Is it possible to do most of the work remotely?
No – the team will need to be located at Windsor House for most of the time as this is where DIT’s other development teams are based.
3. Would the entire development team need to be based out of Windsor House? Could part of the team be based from a near/offshore site?
We expect that most of the team will be located at Windsor House for most of the time, as this is where DIT’s other development teams are based. There should be no remote working outside of the UK.
4. Is it a requirement for the project to be written in Python Django or is there some choice in the technology used?
We strongly expect a Python Django application to be the most compatible and supportable solution, though we are willing to hear alternative suggestions.
5. Did the Authority seek any additional supplier support for the Discovery work?
No - the Discovery work that has already been done was completed in-house.
6. Is SC clearance required during Alpha and Beta?
7. Will the Authority sponsor SC clearance for our SC-eligible resources?
DIT will sponsor the successful Supplier’s SC-eligible resources if required; however, Suppliers should consider that we have a latest start date of 25th November 2019. If Supplier’s resources are not already SC cleared, it is unlikely that Supplier’s will have clearance in time to start by 25th November 2019.
8. Could the organisation clarify what CRM, Email Marketing and Website CMS solution it uses please?
The CRM is a bespoke Python Django application. The Email Marketing software is a COTS product with industry standard APIs. Forms and services on are bespoke. There is no integration expected with the CMS.
9. Is it a requirement to use node.js and react as the framework for the user forms? Would you consider using other SPA frameworks like vue.js/angular or indeed creating forms via the django templates?
The user facing forms are those located on These are plain HTML.
10. Will partnership / consortium bids be considered?
Partnerships/consortium bids are perfectly acceptable, however both suppliers will need to be on the DOS framework agreement. Equally, we are content for one supplier to bid for the work as the sole contractor, and sub-contract elements out if required.
11. Is Alpha and Beta has combined budget, or the budget mentioned is for each stage?
The budget is for both stages combined.
12. Can you share the evaluation formulae regarding the pricing for 30%?
This will be shared with the shortlisted suppliers after Stage 1.
13. Can the DIT clarify the specific requirements with regards to front end functionality of the solution? How many of these requirements are already met by existing systems in place? How many are novel? Will the new solution be expected to entirely replace all inbound data sources or make use of them?
The new solution is expected to ingest data from existing sources, though there will be a requirement to add/amend consent fields within existing services to ensure consent is consistently captured at source.
14. What is the current size of existing systems' data storage? What is the projected growth rate of data entries? Is data stored uniformly across the current different systems or will data need to be reformatted and then migrated? What type of specific data migration activity is required?
Data storage varies by service – current individual records total approx. 700,000. This grows at approx. 50,000 per year.

Data is not stored uniformly across all systems, migration activity will require combining datasets from multiple locations, though the number of data points is expected to be low, so direct mapping of fields should be straightforward (e.g. email address <-> email address).
15. Is there a requirement for the internal reporting and analysis of data entries, e.g. a UI that will allow for the effective searching, sorting and filtering of data entries or a database with limited reporting functionality?
This will need to be defined in initial project kick off discussions. If so, a UI is likely to be a low priority feature.
16. Has the siloed nature of current systems presented any problem statements surrounding the origin or legitimacy of information? If so, is the proposed solution expected to answer these problem statements?
Origins of information are clearly understood, though system rules for updating and managing records (e.g. where an individual makes contact through different channels) will need to be implemented, based on business rules agreed with DIT.
17. The project is estimated at three months. Do you see anticipate this to be build time only; or does it include full integration with UAT and iterative improvements?
We anticipate that the three month period will include development and integration with production services. We do not expect this to include ongoing iteration.
18. Are any major legacy IT changes planned for your CRM, email, DBs over the next 1-3 years?
There are no major changes planned to the CRM or website.

The email marketing software is a COTS product, and may be subject to change in the next 12 months.
19. Are all data fields you are wanting/needing to collect confirmed before any additional builds are made?
User-facing fields will be defined before development begins. System fields will need to be defined as part of the solution.
20. What are the roles that are required for Alpha and Beta?
We do not have a definitive list of roles required as we will be looking for shortlisted suppliers to propose a relevant team that can deliver our outcome. The supplier will be required to provide a delivery manager to oversee this work.
21. How many people would you require to be supplied?
We would expect a delivery team of 4-6 people in order to ensure effective delivery, however this is open for shortlisted suppliers to propose a different sized team. Any proposals should consider the specified budget however.
22. Will the processing or handling of personal data by the engagement team be required as part of this engagement (except client contact data required for day-to-day interaction)?
Yes - this requirement will include ingestion of personal data from several DIT systems in order to ensure the end service is populated with data already held by DIT.