Her Majesty’s Passport Office

Home Office - Her Majesty's Passport Office - Information Assurance Architect

Incomplete applications

27
Incomplete applications
25 SME, 2 large

Completed applications

41
Completed applications
39 SME, 2 large
Important dates
Opportunity attribute name Opportunity attribute value
Published Tuesday 29 October 2019
Deadline for asking questions Thursday 31 October 2019 at 11:59pm GMT
Closing date for applications Tuesday 5 November 2019 at 11:59pm GMT

Overview

Overview
Opportunity attribute name Opportunity attribute value
Specialist role Technical Architect
Summary of the work The information assurance architect will work on –

Supporting development & maintenance of Security architecture
Developing Information Risk Assurance Reports
Risk discovery, treatment & analysis
Technical assessments and assurance of IT products & services
IT security incident management
Latest start date Tuesday 31 December 2019
Expected contract length 24 months total. Initial 12 months, further period up to 12 months depending on needs& performance
Location London
Organisation the work is for Her Majesty’s Passport Office
Maximum day rate

About the work

About the work
Opportunity attribute name Opportunity attribute value
Early market engagement
Who the specialist will work with They will work as part of a Technical Design Authority who are responsible for specific domains.

They will need to collaborate closely with delivery teams and business stakeholders across the enterprise in a multi-supplier environment.

HMPO is moving from a large outsourced SI arrangement to an in-house, largely cloud based and open source based solutions delivered iteratively.
What the specialist will work on Work packages include, but aren't limited to:
• Ensure that specified security controls or other counter-measures they specify to mitigate, minimise, or treat discovered risks are pragmatic appropriate and cost effective
• Lead information assurance activities against solution designs to ensure they are appropriately secure. and provide advice and guidance on HMPO Security standards and policies
• Ensure risks are identified, assessed and managed appropriate to HMPO standards and requirements.
• Management of operational security incidents, IT Health Check and Pen Tests Assure results of ITHC & Pen Tests

Work setup

Work setup
Opportunity attribute name Opportunity attribute value
Address where the work will take place London
Working arrangements Typically on-site with wider team and clients in an Agile environment. Some site visits. Use of Confluence, Jira and Ardoq are the tools used to track progress against deliverables
We work in an engaging and collaborative environment where outputs require teams to own deliverables
Security clearance ‘SC Clearance is required. HM Passport Office will support the clearance process’

Additional information

Additional information
Opportunity attribute name Opportunity attribute value
Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Skills and experience
Opportunity attribute name Opportunity attribute value
Essential skills and experience
  • Have proven track record of risk assessing and assuring cloud based architectures for large and complex organisations
  • in depth understanding of traditional security technologies and security specific protocols (e.g. TLS, Kerberos and SAML..
  • Solid experience and understanding of AWS security tools and services, open source security controls, automated security testing tools
  • Proven track record of scoping pen testing, ITHC and security incident management
  • in depth understanding and experience of outcome based approach to risk identification, management and mitigation using techniques such as risk trees and attack tree methods
  • Good understanding of Identity management, identity lifecycle management
Nice-to-have skills and experience
  • 1. Experience of HMPO systems or similar government operational systems
  • Experience of GDS best practices

How suppliers will be evaluated

How suppliers will be evaluated
Opportunity attribute name Opportunity attribute value
How many specialists to evaluate 3
Cultural fit criteria
  • Work as a team with our organisation and other suppliers
  • Be transparent and collaborative
  • Be comfortable standing up for their discipline
  • Have a no-blame culture and take responsibility for their work
Additional assessment methods Interview
Evaluation weighting

Technical competence

60%

Cultural fit

20%

Price

20%

Questions asked by suppliers

Questions asked by suppliers
Supplier question Buyer answer
1. What is the IR35 status? We expect this engagement to be outside IR35, however status is assessed on a case-by-case basis.
2. Is there a current incumbent? Yes - there a current incumbent.
3. Can the Authority confirm if they are working with an Incumbent Supplier ? Yes - there a current incumbent.
4. Do you deem this role to be outside of IR35? We expect this engagement to be outside IR35, however status is assessed on a case-by-case basis.
5. Is this inside or outside IR35? We expect this engagement to be outside IR35, however status is assessed on a case-by-case basis.
6. Is there an existing incumbent and what is the IR35 Status Yes, there is an existing incumbent.

We expect this engagement to be outside IR35, however status is assessed on a case-by-case basis.
7. Please can you confirm if there is an incumbent in the role? Yes, there is an existing incumbent.
8. can you confirm if the role is inside or outside IR35? We expect this engagement to be outside IR35, however status is assessed on a case-by-case basis.
9. Is this role deemed to be inside or outside of IR35 rules ? We expect this engagement to be outside IR35, however status is assessed on a case-by-case basis.
10. Please confirm if you have an incumbent? Yes, there is an existing incumbent.
11. Is there an incumbent in place? Yes, there is an existing incumbent.
12. What is the IR35 status for this role? We expect this engagement to be outside IR35, however status is assessed on a case-by-case basis.
13. Please let us know why this is being advertised if there is an incumbent already there. Will this be a new role to work along with the incumbent or even to renew the incumbent, you will have to go through this advertisement route on DOS4? There is an incumbent in post. The current contract is nearing expiry and the role is still required beyond the expiry date. Therefore, there is a need to re-tender for this role. HMPO is unable to advise if the incumbent will be submitting a bid. The incumbent may submit a bid should they so wish. The evaluation process will be fair and in line with policy.
14. Is this a genuine requirement or will the opportunity just be awarded to the incumbent? There is an incumbent in post. HMPO is unable to advise if the incumbent will be submitting a bid. The incumbent may submit a bid should they so wish. The evaluation process will be fair and in line with policy.
15. Nice-to-have Experience of HMPO systems or similar government operational systems: will candidates that have experience of HMPO systems over those that have similar government operational systems experience be scored higher? As per advertised, you are being asked if you have experience of HMPO systems or similar government operational systems, one does not carry more weight than the other.
16. Can you please provide an indication to the budget? Are you looking for a fixed price or day rate quotes? The maximum day rate has been left blank intentionally, we will assess the day rate for suppliers using the evaluation weighting we have disclosed on the requirements. We would like suppliers to respond with day rate quotes.
17. Can you provide any indication of budget? The maximum day rate has been left blank intentionally, we will assess the day rate for suppliers using the evaluation weighting we have disclosed on the requirements. We would like suppliers to respond with day rate quotes.
18. Please could you provide any additional information on expected day rates The maximum day rate has been left blank intentionally, we will assess the day rate for suppliers using the evaluation weighting we have disclosed on the requirements. We would like suppliers to respond with day rate quotes.
19. Will the candidate be expected to travel to other sites outside of London?
Are there any opportunities to work from home?
Occasional travel to other HMPO sites may be required (Croydon and Manchester)
Standard Government Terms and Conditions for Expenses as covered in the DOS Contract.

Working from home is by exception and only with Project Manager’s agreement.
20. Do you require any certification – ie CREST, CHECK We only require requirements that are set out in the advert.
21. What is the Maximum day rate for this role? The maximum day rate has been left blank intentionally, we will assess the day rate for suppliers using the evaluation weighting we have disclosed on the requirements.
22. Can the incumbent be considered for this role or are you actively looking for a new person? There is an incumbent in post. HMPO is unable to advise if the incumbent will be submitting a bid. The incumbent may submit a bid should they so wish. The evaluation process will be fair and in line with policy.
23. If someone has DV clearance would this assignment allow them to retain their DV status? This role requires SC clearance. As this assignment does not require a DV clearance, there is a possibility that candidates may have their DV Clearance reverted to SC clearance following successful application for the required level which is SC clearance.
The decision on whether to retain DV clearance does not lie with HM Passport Office.
Candidates are therefore advised to contact the relevant departments who issued the clearance to seek clarification.
24. We have a DV cleared security specialist who in our opinion is a perfect fit for the role, but would like to maintain his DV clearance, is this possible? SC Clearance is required for this post. As this assignment does not require DV clearance (i.e. unsupervised access to SECRET and TOP SECRET documents etc.) they will likely have their DV Clearance reverted to SC following successful application for the aforementioned role.
25. Does the Architect require SC Clearance before starting or can they gain it once they have started? The specialist will be required to have SC Clearance before they can start the role. HM Passport Office will support the clearance process.
26. Please can you can clarify the Security Clearance requirements for this role and whether HMPO will sponsor SC process prior to contract commencing or when the Specialist is in place? The specialist will be required to have SC Clearance before they can start the role. HM Passport Office will support the clearance process.
27. Could you confirm if a specialist has to have SC in place now or whether you would delay the start date to allow a non-SC specialist to be considered The specialist will be required to have SC Clearance before they can start the role. HM Passport Office will support the clearance process.
28. Regarding Security Clearance – will a candidate who already has SC (current or lapsed) be given preference over a non SC candidate.
Can the candidate start the role and gain SC in due course?
The evaluation process will fair and in line with policy and will be the same for ALL Candidates. No preference will be given to candidates who already hold valid or lapsed Home Office SC Clearance.
The specialist will be required to have SC Clearance before they can start the role. HM Passport Office will support the clearance process.