Foreign & Commonwealth Office, King Charles Street, London

Ongoing support and development of the Consular Integration Service

Incomplete applications: 10 (7 SME, 3 large)

Completed applications: 7 (6 SME, 1 large)

Important dates
Opportunity attribute name Opportunity attribute value
Published Monday 11 November 2019
Deadline for asking questions Monday 18 November 2019 at 11:59pm GMT
Closing date for applications Monday 25 November 2019 at 11:59pm GMT

Overview

Summary of the work To provide 24/7/365 second and third line support to the Consular Integration Service which underpins the Emergency Travel Document service. To support, maintain and undertake integration and small scale development of CIS whilst also triaging enquiries at second line.
Latest start date Wednesday 1 April 2020
Expected contract length 2 years
Location London
Organisation the work is for Foreign & Commonwealth Office, King Charles Street, London
Budget range BAU Fixed Price: £130,000 - £150,000 per annum
T&M budget: up to £40,000 per annum

About the work

Why the work is being done One of the FCO’s three foreign policy priorities is to support British nationals around the world through modern and efficient consular services. The Consular Integration Service (CIS) is a business critical service currently supporting processing of Emergency Travel Documents (ETDs) allowing customers to complete an application completely online and will expand to include other services in the future. As an integration layer across Consular applications and systems, CIS implements a set of open source integration technologies using Amazon Web Services Cloud platform hosting and processing. We require 24/7/365 second and third line support to enable maintenance and continuous improvement of CIS.
Problem to be solved We require high level technical, security and development expertise to provide 24/7/365 second and third line support to the Consular Integration Service including UK public holidays. We require ongoing support, incident management and maintenance of CIS working with existing suppliers and FCO live support; integration and small scale development of CIS; triaging of enquiries at second line managing alerts, raising defects against systems and interacting with other systems; and onboarding of new services integrating with CIS. As the CIS application is being hosted on AWS FaaS and PaaS e.g. Lambda and AWS ADS as well as S3 storage buckets, it would be impractical to separate the application from the infrastructure. Therefore, we require the CIS support to cover these services and the corresponding master AWS account.
Who the users are and what they need to do As an ETD processing officer, I need to retrieve, manage and process ETD applications efficiently and effectively.
As a customer, I need to complete my ETD application completely online uploading photos and supporting documentation.
As a manager, I use this information to manage performance, processes, staffing and resources.
As a supplier, I need to integrate my application and data with CIS with minimum impact to my product.
As FCO live support, I need to be able to escalate enquiries, problems and major incidents and ensure they are managed and resolved within agreed timescales.
Early market engagement As part of an earlier procurement to support our digital services, we invited suppliers to bid to provide 24/7/365 third line support to the CIS service. 3 suppliers met our initial requirements. However, we have since reviewed our approach.
Any work that’s already been done The Consular Integration Service has been live since April 2018.
Existing team Within the FCO, you will be working with a range of policy and digital leads across Consular, the Digital Transformation Unit, FCO and overseas, including frontline Consular staff at our global ETD Centres in Madrid and Singapore and existing suppliers of various consular applications and systems to help deliver the service. The team will also need to work with stakeholders in the FCO including FCO live support (first line support). You will also represent the service at quarterly supplier engagement group meetings. The Technology and Transformation will be your first point of contact.
Current phase Live

Work setup

Address where the work will take place Foreign & Commonwealth Office, King Charles Street, London, UK
Working arrangements Work can be done offsite, but we would expect you to be able to visit the FCO on a regular basis for face-to-face meetings and service reviews. The team should be easily contactable by phone or email and should be able to respond 24/7/365 to major incidents and problems working to resolve them communicating proactively with FCO live support, suppliers and Consular. The resource should be: collaborative, responsive, agile, work effectively with existing suppliers, comfortable talking to non-technical staff and senior management translating requirements into technical terms. Be a good listener - where appropriate, be innovative paying attention to detail.
Security clearance All staff working on FCO premises must be at least SC Cleared or capable of being cleared to SC. Bidders must confirm clearance of nominated resources. If required, FCO will initiate SC clearance

Additional information

Additional terms and conditions Required:
ISO 27001 certification and compliance

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Proven track record of supporting solutions run from AWS cloud environments (including management of live and test environments; performance and capacity monitoring; and resolution of AWS-related incidents)
  • Strong evidence of delivering within ITIL service management frameworks
  • Evidence of overseeing a service as part of a wider portfolio of services and continual service improvement using ITIL-aligned processes (including service validation and test activities)
  • Evidence of customer and user friendly ethos
  • Evidence of delivering to Government Digital Service Manual standards including delivery of services, which have passed digital by default assessment
  • Track record of collaborating with multiple suppliers and multidisciplinary teams including with developer teams and ability to conduct detailed investigations across single or multiple products remotely or on-site
  • Evidence of robust planning for disaster recovery and business continuity
  • Strong evidence of full adherence to security rules and regulations; familiarity with Government Security Classifications; and compliance with HMG Information Assurance and Security Standards.
  • Evidence of full GDPR compliance and a track record of data management and security; Evidence of organising and defragmenting data
  • Evidence of understanding ISO 9001 certificated Quality Management System
  • Proven track record of agile development and devops cultures with good knowledge of open source technologies, testing and at least one programming language
  • Understanding of various tech stacks, AWS specific and other components – list available on request
  • Proven track record of event management to monitor all events occurring through the IT infrastructure in line with standard ITIL-aligned processes; Evidence of availability management
  • Proven experience of planning, managing, analysing and developing capacity to support service improvements including provision of technical design authority to support stakeholder management and assurance
  • Evidence of providing client with relevant metrics and performance updates
  • Proven experience of maintaining asset data including accurate, up to date product, service management, technical design and support documentation, including as new services are developed;
  • Experience of triage work i.e. defect analysis.
Nice-to-have skills and experience Ability to quickly absorb differing strategies and remain flexible

How suppliers will be evaluated

All suppliers will be asked to provide a written proposal.

How many suppliers to evaluate 3
Proposal criteria
  • Approach and methodology
  • How the approach or solution meets user needs
  • How the approach or solution meets your organisation’s policy or goal
  • Estimated timeframes for the work
  • How they’ve identified risks and dependencies and offered approaches to manage
  • Team structure
  • Value for money
Cultural fit criteria
  • Proven experience of working with UK Government on technical architecture, technical design and the security, management and integration of data, applications and systems
  • Evidence of user centred design and understanding of user research
  • Evidence of: excellent communication skills, ability to translate technical concepts, communicate technical terms to non-technical staff; ability to influence at all levels and extensive experience of tailoring messages to audiences.
  • Proven experience of working at pace and responding to changing demands
Payment approach Fixed price
Additional assessment methods
  • Work history
  • Reference
  • Presentation
Evaluation weighting
  • Technical competence: 50%
  • Cultural fit: 15%
  • Price: 35%

Questions asked by suppliers

Supplier question Buyer answer
1. Notice to suppliers The FCO is now conducting ‘nameblind’ bids to continually improve open and fair competition. To support the FCO in this, suppliers are requested to refrain from referring to their organisation by name or including identifying features within responses as far as possible.
2. Notice: please see the following tech stack related to the essential criteria "Understanding of various tech stacks, AWS specific and other components" Mainly built on Lambda, RDS, and S3 but other services include:

Elasticsearch
EC2
EC2-ELB
CloudWatch
KMS
API Gateway
Route 53 DNS
CodeCommit
SNS
SQS
X-Ray
SES
CloudFront
CloudTrail
Budgets
Glue
AWS Business Support
AWS Development Support

Note the resources will be paid by the FCO master account.

Also using On-line form builder non AWS
Cognito
3. Further clarification to notice 2. Tech stack has been revised and restructured. AWS Specific components
• EC2
• CloudWatch
• Amazon linux 2
• CloudTrail
• ECS
• Systems Manager
• Lambda (Java & Node.js)
• Trusted Advisor
• S3
• Elasticsearch Service & Kibana
• RDS/Postgres
• IAM
• DynamoDB
• Cognito
• VPC
• Certificate Manager
• Route 53
• Simple Notification Service
• API Gateway
• Simple Queue Service
• CodeCommit Organisations

Other components
• Postgres Node.js
• Terraform Dev Basics
• Homebrew
• Java JDK 8
• Maven, Git, Ansible

Dev tools
• IntelliJ
• Sublime Text
• iTerm2
• Postman
• Sequel Pro
• GitHub Desktop
• Java
4. Can you provide the list for "Understanding of various tech stacks, AWS specific and other components" please? Please see above response.
5. Can you elaborate on the out of hours response, will it be triggered by system incidents or require more of a full support service. What are the differences with 'office' and 'out of hours' responses? PART 1:

Cover is 24/7/365 with the following response times

P1- Severe
Full loss of service or functionality affecting multiple users and where there is no immediate workaround solution
1 Hour

P2-Significant
Partial loss of service or functionality with High business impact for which there is no immediate workaround solution.
2 Hours

P3-Minor
Partial loss of service or functionality with no immediate High business impact for which a workaround is available.
Partial loss of service or functionality and there is a nominal business impact.
8 Hours
6. Can you elaborate on the out of hours response, will it be triggered by system incidents or require more of a full support service. What are the differences with 'office' and 'out of hours' responses? PART 2:

Change Request
Request for an alteration to the services, i.e. iteration or enhancement.
Initial Response and Assessment within 2 working days

Service Request
Standard, pre-approved change, e.g. setup of new user or password reset
Initial Response and Assessment within 2 working days
7. Based on the past what 2nd and 3rd line incidents have occurred outside of UK office hours? Full details shall be provided to shortlisted suppliers to support the development of a full proposal.
8. What type of response/resolution are required by 2nd and 3rd line outside of office hours – is it to restore service only, or to provide a full fix solution immediately? See answers above.
9. What is the weighting for each of the sub-criteria listed in the ad? Sub-Criteria are not individually weighted beyond the Technical, Cultural Fit and Pricing headline weighting.
10. The DOS Contract is a development contract and contains no SLAs or any ITIL concepts. Adding such concepts would likely be a material change thus fall outside of what is permissible under the regulations. Given this, how do you intend to use the contract for support – will there be no SLAs, no concepts of Incident or Problem? If you do propose changes to the Call Off please post them before the deadline for applications. The DOS Framework under the Live Phase allows for support of services particularly where there is regular change linked with running Agile Services. The requirement sets out the support requirement and further details, including incident volumes and HLD’s shall be provided to shortlisted suppliers in order to support the development of a proposal which includes industry standard SLA’s and relevant concepts. This is acceptable within the bounds of the Framework.

This stage of DOS does not support full publication of those terms as the questioner requests. Shortlisted suppliers shall be provided with the appropriate details.
11. Given the DOS contract mandates the use of the GDS Service Standard, not ITIL, how can Suppliers meet this requirement and provide a support service? The DOS Framework via Live Services permits the provision of support services where GDS Standards and ITIL are not in conflict and related to ongoing support of a system in Live and interacting with other ongoing Agile Developments. The requirement sets out the support requirement and further details, including incident volumes and HLD’s shall be provided to shortlisted suppliers in order to support the development of a proposal which includes industry standard SLA’s and relevant concepts. Specific concerns can be communicated to the FCO if necessary.
12. Why did you choose not to use Tech Services 2 (which is a support framework) for this requirement, and chose DOS (which is not a support contract) instead? The DOS Framework under the Live Phase allows for support of services particularly where there is regular change linked with running Agile Services. The CIS system regularly interacts with ongoing development projects and other iterative change is required at this stage which suits DOS. Shortlisted suppliers shall be provided with appropriate details in order to include relevant industry standard SLA’s and concepts.

Tech Services 2 is a valid alternative route and was discounted at this stage but the future strategy includes consideration of a TS2 solution which encompasses more than this single service.
13. Q : "Evidence of robust planning for disaster recovery and business continuity"
Does the CIS service benefit from a DR solution at present?
The CIS is robustly designed and hosted on AWS services across 2 UK zones. This is a hot mirror so there will be no loss of data or service.
14. Q : "Proven experience of maintaining asset data including accurate, up to date product, service management, technical design and support documentation, including as new services are developed;"
Does a mature CMDB exist already or an alternative method in place to record this asset information?
This service is built on AWS services and therefore the AWS Config service/panels provided will give us a full understanding to the required level. Note with Serverless and PaaS we consume the service and are not concerned about the underlying infrastructure.
15. What timescales are you working to for (1) informing shortlisted suppliers, (2) submission of proposals and (3) scheduling of presentations? Current timescales intend to inform shortlisted and unsuccessful suppliers W/C 16th Dec. Those shortlisted shall then be given until 10th Jan to submit complete proposals for the next stage of this procurement
16. Is there further information that you will share with the down-selected suppliers to inform how to approach delivery of the service? Full details shall be provided to shortlisted suppliers to support the development of a full proposal.
17. Q : Incident volumes
How many incidents have been raised in the past 12 months? How many of these were classed as P1-Service Down incidents? How many of these incidents occurred out-of-hours?
Full details shall be provided to shortlisted suppliers to support the development of a full proposal.
18. 1. Is the Supplier responsible to develop the Java and NodeJS code?
2. Is the Supplier responsible to develop the Lambda functions for the security enhancements. If yes, Is Python acceptable?
3. Many services from AWS are listed. Is there an architecture diagram of applications available?
4. How many applications are hosted and require support?
5. Who is supporting and developing the applications?
6. What Security and development are required? Is it lambda functions for carrying out event-driven security or the scanning of the existing code?
Is the data hosted in UK regions only or is within the EU?
PART 1:

1) No, however NodeJS is part of the Consular Tech stack so having this skill will be useful for future application support.
2) Yes, Yes
3) Yes, will be provided as part of contract award and transition
4) 2
5) Will need to liaise with future application development team. Any future development will be the responsibility of the Application DevOps, however the access to the DevOps will need to be managed and governed by this contract.
19. 1. Is the Supplier responsible to develop the Java and NodeJS code?
2. Is the Supplier responsible to develop the Lambda functions for the security enhancements. If yes, Is Python acceptable?
3. Many services from AWS are listed. Is there an architecture diagram of applications available?
4. How many applications are hosted and require support?
5. Who is supporting and developing the applications?
6. What Security and development are required? Is it lambda functions for carrying out event-driven security or the scanning of the existing code?
Is the data hosted in UK regions only or is within the EU?
PART 2:

6) Security monitoring will be via CloudWatch although event driven logging and monitoring is an aspiration of the FCO so any skills in this area would be useful.
7) The service is only and may only be delivered from the UK Regions and this requirement may only be delivered by UK onshore resources holding appropriate SC clearance.