Ministry of Defence - Information Systems and Services

RM1043/CCT825 - Information Assurance Specialist Applications and Onboarding Support

Incomplete applications: 12 (9 SME, 3 large)

Completed applications: 11 (10 SME, 1 large)

Important dates

Published: Friday 25 October 2019
Deadline for asking questions: Tuesday 29 October 2019 at 11:59pm GMT
Closing date for applications: Friday 1 November 2019 at 11:59pm GMT

Overview

Specialist role: Cyber security consultant
Summary of the work: ISS delivers the core ICT platform for Defence. Cyber security professionals are required to work with the ASDT EMPORIUM programme in line with information assurance and Cyber security policy to introduce a number of assured cloud hosting services and associated projects to transform application and system hosting within the MoD.
Latest start date: Monday 2 December 2019
Expected contract length: 12 Months with an extension option of 3 months pending internal financial approval.
Location: South West England
Organisation the work is for: Ministry of Defence - Information Systems and Services
Maximum day rate: £900.00 (inc VAT) or £750.00 (ex VAT) maximum budget per day.

About the work

Early market engagement
Who the specialist will work with: The specialist will be required to work with the Crown Servant Security Assurance Coordinator in addition to the ASDT (Application Service Development Team) agile teams and Project Stakeholders. One specialist will be working with the hosting teams. One will focus on applications and on-boarding onto platforms and one will be concentrating on Data Centre rationalisation and migration of systems.
What the specialist will work on:
  • Review of HLD/LLD
  • Completion and maintenance of DART
  • Define CTAS scope
  • Production of Security Requirements Statements and Risk Balance Cases
  • Production and Review of RMADS and OSMP and other associated documentation to achieve accreditation
  • Review ITHC Testing and remediation plans
  • Audit supplier for correct level of due diligence
  • Production of Pre-PIA and PIA, MOD Code of Connection and MOD Statement of Connection Conformity
  • Chair of SWG and Security Surgeries and production/distribution of outputs
  • Audit of live operations and Inspection of Protective Monitoring System
  • Regular meetings with Accreditor and NCSC
  • Witness system performance post changes in the design

Work setup

Address where the work will take place: ISS (Information Systems and Services), Mustang Building, Rudloe Site, MoD Corsham, Westwells Road, Corsham, Wiltshire, SN13 9NR.
Working arrangements: All tasking will take place from MoD Corsham and the specialist is required 5 days a week. The working day is 8 hours including 30 minutes for lunch. Travel may be required within the UK with Travel and Subsistence costs away from MoD Corsham recoverable in correspondence with MoD Departmental/Policy rates.
Security clearance: Developed Vetting Clearance must be in place prior to and for the duration of the contract starting due to the projects the individual is required to work with.

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Holds CCP Practitioner Status - 25 Points
  • Evidence of Information Risk Management in the HMG and/or Defence context - 20 Points
  • Evidence of security knowledge associated with Applications Security - 20 Points
Nice-to-have skills and experience
  • Holds CCP - Certified Cyber Professional Senior Practitioner status - 10 Points
  • Holds CISSP - Certified Information Systems Security Professional status - 10 Points
  • Holds CISM - Certified Information Security Manager status - 10 Points
  • Knowledge and understanding of agile ways of working - 5 Points

How suppliers will be evaluated

How many specialists to evaluate: 3
Cultural fit criteria
  • Work as a team with our organisation and other suppliers
  • Be transparent and collaborative when making decisions
  • Have a no-blame culture and encourage people to learn from their mistakes
  • Take responsibility for their work
  • Share knowledge and experience with other team members
Additional assessment methods: Interview
Evaluation weighting
  • Technical competence: 75%
  • Cultural fit: 5%
  • Price: 20%

Questions asked by suppliers

Supplier question Buyer answer
1. Can the Authority please confirm the IR35 status of this role? The intermediaries legislation does not apply to this engagement. The role is outside of IR35.
2. Is there a current incumbent? I can confirm that there is a current incumbent.
3. Can the Authority confirm if they are working with an incumbent supplier? I can confirm that the Authority are working with an existing incumbent.
4. Is there an existing incumbent? I can confirm that there is an existing incumbent.
5. Please can you confirm if there is an incumbent? I can confirm that there is an existing incumbent.
6. Can you confirm there is a current incumbent for this role? I can confirm that there is a current incumbent for this role.
7. Please could you confirm the IR35 status for this role? The intermediaries legislation does not apply to this engagement. The role is outside of IR35.
8. Is there an incumbent in place? I can confirm that there is an existing incumbent in place.
9. Is there an incumbent in the role? I can confirm that there is a current incumbent in the role.
10. Please confirm if this assignment falls outside or inside IR35? The intermediaries legislation does not apply to this engagement. The role is outside of IR35.
11. Could you please confirm the IR35 status of this position? The intermediaries legislation does not apply to this engagement. The role is outside of IR35.
12. Can the Authority please confirm the requirement to be onsite 5 days a week as an ability to allow for remote working will reduce the burden on Corsham infrastructure and increase the desirability to SMEs? As the project is working to the Agile methodology and the Security element of the project is across all the agile teams, the opportunities to work remotely are limited due to the requirement to attend stand-up and other meetings on-site and to be present on the floor plate when the need arises. ASDT is open to contractors working remotely on occasion, with some currently working from home regularly one day a week, however contractors must be aware that they may be required to be on-site 5 days a week if there is a programme requirement and the workload dictates.
13. A lot of 'points' depend on different and sometimes contradictory paper qualifications – was this intentional – it would rule out anyone with (for example) 20 years of solid risk management and IA experience? We tried to word the advert to ensure we had the maximum possible chance of gaining specialists with the qualifications and experience required to suit the project’s needs. It is important for the project to employ specialists with knowledge of MOD Information assurance policies and practices and Agile project management along with suitable evidence of qualifications in the IA space.