Awarded to Tisski Limited

Start date: Monday 1 June 2020
Value: £7,600,000
Company size: SME
Defence Digital, Strategic Command, Ministry of Defence

iHuxley Phase 2 (ASDT0111)

7 Incomplete applications

3 SME, 4 large

4 Completed applications

1 SME, 3 large

Important dates

Wednesday 29 January 2020
Deadline for asking questions
Wednesday 5 February 2020 at 11:59pm GMT
Closing date for applications
Wednesday 12 February 2020 at 11:59pm GMT


Summary of the work
Aligning to GDS & MOD Frameworks and Policies, within a multi-disciplinary multi-supplier team the Contractor will help grow and support the in-house capability in delivering Automated solutions to Defence, with a key focus, but not limited, to the Microsoft PowerPlatform using links from existing and new data sources.
Latest start date
Monday 6 April 2020
Expected contract length
2 years
South West England
Organisation the work is for
Defence Digital, Strategic Command, Ministry of Defence
Budget range
The maximum anticipated throughput (not to exceed total contract value) is £7,600,000.00 ex VAT up to 31st March 2022. However this additional element is subject to further financial approval and is not guaranteed commitment.

Please note, the current value financially approved for this requirement and anticipated SOW's is £799,000 ex VAT. Additional requirements/ SOW's may emerge so a team which can flex in an agile manner is required.

About the work

Why the work is being done
As a large organisation Defence operates on process, and whilst there are standard processes in place, many parts Defence have localised way of working which lead to inefficient, disparate and cumbersome process delivery. There is a need to remove, reduce and align these processes, and then automate where possible in order to streamline, removing frustrating, duplication and inaccuracies, and provide the end user with great confidence in the MI being produced through Enterprise data management, through an ethos of “Enter Once - Reuse Many Times".
Problem to be solved
Provision of a cost effective, flexible and scalable Automation DevSecOps team that exploits Defence’s investment in MODNeT and the Microsoft Power Platform, and other Automation Technologies such as Robotic Process Automation, to satisfy demands placed on ASDT from across Defence to digitise Defence processes. The service must be flexible and be able to rapidly respond to demands to support Defence throughout the software lifecycle from Concept through to Production, with the associated support services including, but not limited to; training, live support, advice and guidance, in line with GDS and Defence principles and policies.
Who the users are and what they need to do
Users of iHuxley applications are Defence Civil Servants, Regulars, Reserves, and contractors, who could be physically located anywhere in the World. iHuxley applications are securely accessed through the MODNet provided single sign-on capability on the MODNet Microsoft Office 365 Portal. The digital services delivered by iHuxley will improve Defences efficiency and effectiveness by creating process standardisation, create, maintain and utilise authoritative datasets, and provide a reputable auditable trail. All applications will be designed on the premise that they are reusable, scalable and have a repeatable pattern, with emphasis placed on ensuring enterprise data and wider business benefits can be realised.
Early market engagement
Any work that’s already been done
Using an Agile approach based upon Government Digital Service and Scaled Agile Framework (SAFe) approach, several large pan Defence applications have been designed, developed and released, these included Capability and Acquisition Management System (CAMS), Digital Approvals Tool (DAT), and numerous other processes in the lifecycle which the successful bidder will be engaged in. The Centre of Enablement has been established to govern, manage and provide the service wrap for the platform, iHuxley team and all Federated DevOps users across MOD, which will be expanded to encompass the Automation Service, under DASH, (Defence Agile Software House) in due course.
Existing team
iHuxley consists of a multidisciplinary team of talented Crown Servants, including apprentices, providing the continuity, supported by an industry partner (DOS contract), largely based in ISS Corsham currently. Every opportunity delivered, will have an associated Senior Responsible Officer and an empowered Product Owner who will work closely with the team to ensure success. As the DASH Automation Service evolves other teams and external suppliers will support the work delivered, as either core team or federated users of the platforms.
Current phase
Not applicable

Work setup

Address where the work will take place
Mustang Building, MOD Corsham, Westwells Road, Corsham, SN13 9NR
Working arrangements
The successful contractor will need to be able to rapidly provide key team members across the GDS/SAFe DevSecOps skills framework to support all roles as required, while being flexible in the numbers required as the programme fluctuates in response to customer demand. The contractor will need to culturally integrate seamlessly with the existing core team and also be prepared for additional contractors to join the team as future demand dictates. The service offering is Defence-wide, so meetings may be required at sites across the estate, but the majority of work is conducted out of Corsham, currently.
Security clearance
Security Clearance required for duration of the role. BPSS will be accepted where SC has been applied for, but must be agreed with the authority. Suppliers are responsible for obtaining and maintaining security clearances.

Staff may be required to get DV Clearane, but this will be advised at the time.

Additional information

Additional terms and conditions
DEFCON 658 ed 10/17 - Cyber

No specific Quality Management System requirements are defined. This does not relieve the Supplier of providing conforming products under this contract. CoC shall be provided in accordance with DEFCON 627.
No Deliverable Quality Plan is required reference DEFCON 602B 12/06
Concessions shall be managed in accordance with Def Stan. 05-061 Part 1 Issue 6 - Quality Assurance Procedural Requirements - Concessions.
Any contractor working parties shall be provided in accordance with Def Stan 05-061 Part 4, Issue 3 - Quality Assurance Procedural Requirements - Contractor Working Parties.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Demonstrable recent experience of implementing and supporting large scale solutions, including RPAs, the full Microsoft Dynamics and PowerPlatform, ISV solutions and integration with in-house solutions.
  • Demonstrable recent experience of full DevSecOps teams who have successful understood users’ needs to collaboratively develop secure complex applications using Dynamics, based upon SAFe and GDS Guidance.
  • Demonstrable recent experience of providing full DevSecOps teams who have successfully delivered scalable enterprise level applications using Dynamics, in a complex business environment, based upon SAFe and GDS Guidance.
  • Demonstrable recent experience of implementing and operating a Dynamics Centre of Enablement through continuous improvement; building sustainable and workable governance models, polices and processes to deliver and support applications.
  • Demonstrable recent experience of providing Dynamics subscription administrators to manage Dynamics instances and configuration, including managing user administration using Microsoft administration centre and building automated workflow to simplify processes.
  • Demonstrable recent experience of implementing Enterprise Data Management, using Dynamics Common Data Service, designing data models, reuse of authoritative sources, whilst being compliant with information assurance legislation and guidance.
  • Demonstrable recent experience of integrating Dynamics with 3rd party applications, services through Application Programme Interfaces including on-premise & cloud-based services using CDS SDK API, data integrators, and Robotic Process Automation.
  • Demonstrable recent experience of using CRM Plug-in development, Custom workflow assembly development, CRM form programming, Custom page integration using ASP.NET pages JavaScript to integrate with CRM forms.
  • Demonstrable recent experience of using of Dynamics 365 – SDK and WebAPI/Web services, Selenium Testing framework (EasyRepro for Dynamics), OAUTH and XRMToolBox and other testing applicable technologies.
  • Demonstrable recent experience of successfully building secure web applications that collect and manage sensitive information with appropriate controls and protection in-line with Government/industry best practise, mitigating against common OWASP risks.
  • Demonstrable recent experience of providing the necessary security evidence required to satisfy accreditation requirements in line with Government and industry best practise.
  • Demonstrate knowledge and experience of Microsoft Office 365, Microsoft Dynamics, Microsoft Power Platform, Team Foundation Server and Visual Studio Services.
  • Demonstrable experience and functional familiar with SAFe, GDS Service Manual, and the GDS Service Assessment, as the digital service will be run through an internal Defence GDS style Service Assessment.
Nice-to-have skills and experience
  • Demonstrate experience with the following qualifications: Microsoft Dynamics 365 MB2-715: customer engagement Online Deployment, MB2-716 Customization and Configuration and MB2-718 Customer Service.
  • Demonstrable recent Experience of developing and delivering effective training material to support the roll out of new capability to users in the form of videos and user guides.
  • Demonstrable experience of Seeing the bigger picture of automation including use of robotic Process Automation, API, Web Services, and integration with other Defence and Industry services and processes.
  • Demonstrable recent knowledge & experience of successfully managing a quality service, through SAFe, to deliver high quality, secure, reliable and efficient solutions to support service delivery, in a cost-effective way.
  • Demonstrable recent experience of delivering services at pace with energy and professionalism, whilst delivering quality outcomes in a collaborative and constructive way.
  • Demonstrable recent experience of successfully leading and delivering change and improvements using new and innovative ways of working to seek out opportunities to create effective change.
  • Demonstrable recent experience of successfully leading and delivering change and improvements by challenging the status quo and moving people to think in different, ‘smarter’ more focused ways.
  • Demonstrable recent experience of working collaboratively in a diverse and often dispersed multidisciplinary multisupplier teams and along side other partners.
  • Demonstrable recent experience of knowledge transfer to the customer team to build their internal capability in order to become self sufficent in fully operating their Dynamics Centre of Enablement.

How suppliers will be evaluated

All suppliers will be asked to provide a written proposal.

How many suppliers to evaluate
Proposal criteria
  • Demonstrate with recent examples your planning approach for successful delivery in a complex organisation using SAFe and GDS to deliver DevSecOps Dynamics and Automation integrated portfolio solutions. 10%
  • Demonstrate (recent examples) your standard Modus Operandi activity around assurance and onboarding of new requirements, users, existing Apps and other DevSecOp Teams, for successful delivery using SAFe and GDS. 10%
  • Proposed approach and methodology for achieving cyber/security assurance, accreditation at enterprise level and maintaining through the Agile development, including identifying threats, putting in place controls and risk owner engagement. 10%
  • Proposed approach and methodology for achieving information assurance and management at an enterprise level and maintaining through the Agile development, including implementing an enduring entity management strategy. 10%
  • Provide two recent, distinctly different, reference-able client-focused case studies where you have provided similar service capability as described in this requirement to demonstrate your proven capability and cultural fit. 10%
  • Explain how you plan to mobilise and retain key resources for the duration of the contract, and your ability to meet ASDT’s flexible skill needs, experience and cultural-fit. 10%
  • Explain how you will provide the Authority with a high-quality team that embodies the required skills; particularly, why you believe the team (as a collective) will be high performing. 5%
  • Evidence within the last 3 years of ability to add value to a project through the use of innovation and continuous improvement. 5%
  • Provide recent examples demonstrating the use of Lessons Learned within the last 3 years to deliver improvements in a similar environment. 5%
  • Identify the risks and dependencies associated with this requirement and potential mitigation. Give recent examples of SAFe and GDS approach to Risk and dependencies management. 5%
  • Evidence how you will train and transfer knowledge to the Authority providing an exit and transition plan at contract end to ensure the enduring capability of the solutions delivered. 5%
  • Provide Technical proposal for a DevSecOps pipeline and suitable environments to enable scalable, repeatable, reusable, rapid and interactive development to meet this requirement. 10%
  • Describe how the service will optimise costs; enabling ASDT to deliver and support Dynamics applications in a cost-effective manner aligned to GDS, providing recent proven examples. 5%
Cultural fit criteria
  • Experience within last 3 years of an open and collaborative working relationship at all levels with excellent communication, co-ordination and collaboration skills when conducting SAFe ceremonies and Organisational governance. 15%
  • Explain how you will manage your team on site as part of an existing customer and multi-vendor portfolio team. Provide recent examples to demonstrate this in a SAFe/GDS scenario. 15%
  • Evidence of communicating effectively with users, policy owners, assurance community and technical architects to resolve issues amongst complex integrations. 15%
  • Provide a core team structure evidencing how they have, and will work together, and how they will fit into the agile culture of ASDT. 15%
  • Evidence of how you foster an inclusive and professional working environment with no place for bullying or discrimination of any form. 10%
  • Evidence how you will integrate into the existing team, of Customers and multi-vendors, and how you will work collaboratively as one team to meet and exceed the Customers’ needs. 15%
  • Evidence that you attract and retain the best talent to create teams that reflect the diversity of the country and can deliver a diversity of thought to the Authority. 15%
Payment approach
Capped time and materials
Additional assessment methods
  • Case study
  • Presentation
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. Is there a Cyber Risk Assessment for this requirement?
Cyber Risk Assessment: RAR-BHBU3886 – Moderate
This assessment must be filled out by the successful shortlisted suppliers and provide evidence of a Cyber Essentials Plus Certificate (or working towards it) and compliance against DEFSTAN 05-138, Moderate Controls. Further information will be provided for successful shortlisted suppliers.
2. When will a Security Aspects Letter and Personal Aspects Letter be available?
The Security Aspects Letter and Personal Aspects Letter shall be provided at the shortlisting stage to the successful suppliers. We will require a secure email address or postal address to receive up to OFFICIAL-SENSITIVE classification.
3. Can the Authority confirm this contract will be outside of IR35 legislation?
Yes, IR35 legislation does not apply to this requirement.
4. How do we respond to this requirement?
Responses to the essential and nice-to-have criteria must be submitted via the DOS portal.
The Successful Shortlist Suppliers will receive further additional information and instructions.
Bid responses from successful shortlisted suppliers will be required to complete the associated DOS templates.
5. Can the Authority, please confirm the procurement timetable in relation to the shortlisting, written proposal, presentation dates and contract award?
Suppliers will be shortlisted week commencing (W/c) 17th Feb 2020.

Proposed date for Written and Case Studies submission to the Authority - W/c 9th Mar 2020.

Proposed date for Presentations if required - W/c 23rd Mar 2020 at MOD Corsham.

Latest Contract Start Date W/c 6th April
6. What is iHuxley? Part 1
The iHuxley team offer an end to end service to MOD customers to evaluate and then digitalise business processes using the Microsoft PowerPlatform, including but not limited to Dynamics 365, Common Data Model, and Common Data Service, alongside the Microsoft O365 suit of applications and also other automation tools such RPAs etc to deliver business benefits through efficiencies, improved data management and reporting, through the reuse of data from an agreed single source, and interaction with other source data apps.
7. What is iHuxley? Part 2
The customer can use some or all the service as required, including support to other federated development teams throughout the MOD. The team are also responsible for the governance and administration of the Dynamics platform. The team’s ethos is to always encourage the customers to consider the bigger picture and the wider benefits of their app when working through the requirements to obtain the greater benefits.
8. What is DASH Automation Service?
DASH – Defence Agile Software House - iHuxley is one of several teams that sit within the DASH Automation Services. DASH’s role is to define the overarching governance and promote collaborative working of the numerous Automations solutions (as described in question 5 above) and teams throughout Defence, to drive best practices, avoid duplication and encourage innovation.
9. What are the benefits of the iHuxley programme?
• Reduce and streamline processes – scaling to Pan-Defence where applicable, and then digitalising using the appropriate tool.
• Improve Data security and confidence through entity and data management with single sources of the data to give single source of the truth
• Improved confidence in MI through improved Enterprise Data management
• Reduced time and resource to provide MI and reporting
• Repeatable templates improves end user experience and baked-in “help” guides users through the process.
• Reusable code and patterns e.g. API’s, CDS - which reduces time to market when developing new products and services
10. Which classifications will iHuxley cater for?
Currently the focus is on OFFICIAL-SENSITIVE using the online O365 PowerPlatform on MODNET OFFICIAL – however, SECRET requirements do exist but have yet to be investigated due to insufficient demand signal verse investment. Should the requirement become viable then the team may engage in discussions around higher classification solutions and the correct of security cleared resources will be required at that time.
11. Who are the Federated DevOp Teams?
iHuxley is the Defence Digital (previously ISS) central team delivering and managing D365 on MODNET. However, across Defence there are other TLBs (Top Level Budget-Holders) that have their DevOps Teams that are already developing their own Apps on the PowerPlatform. In order to go into Production, these teams will have to comply with the iHuxley Governance and also utilise the core teams platform management to obtain licences etc. The Federated DevOps Teams may also work along side the core team for some apps and vice verse to share knowledge and improve the in-house capability across Defence and deliver scaleable apps.
12. Will there be an incumbent team in place following award of iHuxley Phase 2?
The successful contractor of iHuxley Phase 1 will be in place upon award of Phase 2. There will be elements of ongoing products that this contractor will complete, and also they will lead on the platform and programme/delivery governance until an appropriate handover time determined by the iHuxley Programme Manager (Crown Servant).
13. Will there be other contractors working on DASH Automation deliveries? Part 1
Yes – DASH is there to facilitate all of Defence to automate their processes in-line with best practice and through the governance being established patterns and templates will be available to follow. There are other contracts in place providing other automation tools that can be utilised by the DASH/iHuxley Team to deliver best value for Defence either individually or as a combined solution. The Federated TLBs may also be supported by third party contractors.
14. Will there be other contractors working on DASH Automation deliveries? Part 2
In addition, the team will look to have further contracts in place, in the future, to ensure continuity of service to its customers, and also to provide options for routes to market to drive value for money and high performance.
15. What is the current phase of work?
iHuxley is a service that provides both support to existing DevOps Teams and Full End to End delivery of Applications for Customers. Thus, there is an extensive portfolio of products in the Backlog and in production, all at various stages of delivery, from discovery, to MVP live products, that are continuing development while being fully supported.
16. "Demonstrable recent experience of implementing Enterprise Data Management, using Dynamics Common Data Service, designing data models, reuse of authoritative sources, whilst being compliant with information assurance legislation and guidance.". Please can the MoD clarify if our understanding of the term "authoritative source" is correct? We interpret "authoritative source" to mean any trusted data set (such as master data / reference data). If incorrect, please could you provide greater clarity.
When referring to authorative data sources, we mean recognised, authoritative data sources, when data provinces can be proven. Examples include, but are not limited to Master Data Management systems, Corporate systems of record, Common Data Services. Using authoritative data sources ensures maximum reuse of data, enforces data integrity, and improves the user experience by ensuring data is entered once and reused many times as it passes through processes.
17. Are suppliers that provide a combination of DevSecOps team and an existing automated DevSecOps Platform, which integrate with Microsoft Dynamics and PowerPlatform, considered for this bid?
1) DevSecOps will ensure that everyone in the software development life cycle is responsible for security, bringing operations and development together with security functions. DevSecOps aims to embed security in every part of the development process. Therefore, suppliers with a DevSecOps capability are eligible to bid in accordance with the criteria set out in the advert.
2) Automated DevSecOps should be operated from The Authorities platforms only.
18. How many applications, or software systems, will be secured using the DevSecOps platform/team?
As described in the advert, the backlog has numerous application in various stages of delivery, and are aware of requirements that may come in, but until applications are funded that can not be progressed. The advert is to set up the service offering ready to respond rapidly to such requests as they come into the system.
19. Would provision of an existing, ready-to-go, automated DevSecOps platform which could immediately integrate with MS Dynamics, PowerPlatform, RPA and existing security tooling, be considered?
1) DevSecOps will ensure that everyone in the software development life cycle is responsible for security, bringing operations and development together with security functions. DevSecOps aims to embed security in every part of the development process. Therefore, suppliers with a DevSecOps capability are eligible to bid in accordance with the criteria set out in the advert.
2) Automated DevSecOps should be operated from The Authorities platforms only.
20. If a supplier cannot demonstrate every Essential Criteria related to MS Dynamics and PowerPlatform, will the application still be considered for tender?
As per the DOS guidance, only the highest scoring bids that are compliant against all essential criteria will be considered for stage 2 evaluations.