National Crime Agency

Technology Delivery Partner for Cloud Data Science Services

19 Incomplete applications

14 SME, 5 large

33 Completed applications

13 SME, 20 large

Important dates

Published
Monday 16 March 2020
Deadline for asking questions
Monday 23 March 2020 at 11:59pm GMT
Closing date for applications
Monday 30 March 2020 at 11:59pm GMT

Overview

Summary of the work
The Authority needs support to develop National Data Exploitation Capability (NDEC) with greater scale. The Supplier is to provide Delivery Teams with the requisite skills to design and build analysis tools, platforms and services. The Services required cover:
A.Data Exploitation;
B.Tools development;
C.Data acquisition and management;
D.Support and Maintenance.
Latest start date
Thursday 30 April 2020
Expected contract length
2 years, with an optional further extension of up to 24 months.
Location
London
Organisation the work is for
National Crime Agency
Budget range
£4million

About the work

Why the work is being done
National Data Exploitation Capability (NDEC) will be a strategic enabler for the development of an unprecedented, sophisticated, and joined up approach in the deployment of data to help cut serious and organised crime. Technically speaking it will deliver industrial scale data analytics and be the foundation for a suite of data driven products and services that will underpin access to and understanding of intelligence relating to national security.
Problem to be solved
The Authority needs support to develop the capability with greater scale, pace of delivery and innovation. This requirement is for a Supplier to provide small, self-contained development teams (Delivery Teams) with the requisite skills to design and build analysis tools, platforms and services.
Who the users are and what they need to do
National Crime Agency (NCA) Officers and auditors to allow for effective data analysis. Specific work packages may require engagement with other Authority partners and law enforcement agencies.
Early market engagement
Any work that’s already been done
Existing team
The Supplier team will deliver the Services in accordance with the deliverables and Statement of Works, any existing suppliers will be identified on a call-off basis. The Authority will inform the Supplier of any internal existing teams they will need to work with on a project by project basis.
Current phase
Discovery

Work setup

Address where the work will take place
The Services are required to be delivered onsite at Authority locations at Units 1 - 6 Citadel Place, Tinworth Street, London SE11 5EF and other Authority sites located in South West of England.
Working arrangements
The Authority would like to work with Supplier Delivery Teams, who have the essential skills required. Taking an agile approach, it is envisaged that the Delivery Team will be formed and work face to face with the Authority Team in block periods for example 5 days a week for a month. The Delivery Teams will be located at the relevant location. Expenses will only be payable if travel is required outside the M25 and should be payable in accordance with the NCA Travel (no Subsistence) policy.
Security clearance
SC (Enhanced) clearance is required. It is desirable for Suppliers to hold current SC clearance. The Authority will support Security Clearance applications including enhanced clearance where required.

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • The supplier should have cloud and data experience in the national security or law enforcement space.
  • Experience in the build of data analytical solutions including cloud infrastructure and applications.
  • Experience in design, development and delivery of data tooling and data migration
  • Experience of cloud integration.
  • Experience of DevSecOps using modern agile methodologies.
  • Experience of working closely with customers to elaborate data solutions and deliver cloud services.
  • Cloud native/ cloud first experience primarily in AWS (secondarily Azure).
  • The Supplier must also be able to provide all roles as defined at bullet points 9-16 as part of the Delivery Teams.
  • Data Architect with minimum of 5 years’ experience in role, with AWS Certification. The Data Architect will have experience in the following areas: Data architecture, data exchange, APIs, Cloud, security.
  • Data Scientist with minimum of 3 years’ experience, degree qualification in Statistics, Mathematics and/or Programming. Will have experience in: Python, Large data set analysis, Machine Learning and knowledge of intelligence.
  • Data Analyst with a minimum of 1-year experience in that role with experience of conducting analysis, Python basics and with knowledge of intelligence.
  • Data Engineer with minimum of 3 years’ experience in role with a relevant Programming or Computer Science qualification. The Data Engineer will have experience in ETL, API and databases.
  • Technical Specialist Architect and Cloud Services with minimum of 1 years’ experience in role, with AWS Professional qualification. Will have experience in Cloud Services, infrastructure as code and Cloud Security.
  • Delivery Manager with a minimum of 5 years’ experience. The Delivery Manager will have experience in lean delivery methods, use of collaboration tools and managing multi-disciplinary teams.
  • QAT Analyst with a minimum of 2 years’ experience in that role. The QAT Analyst will have experience of Testing and continuous integration.
  • DevOps (DevSecOps) Engineer with minimum of 2 years’ experience in role with relevant programming and/or computer science qualification. Will have experience in Cloud services, AWS and continuous integration.
  • Ability to provide sufficient resource capacity across the capabilities to deliver concurrent projects.
Nice-to-have skills and experience
  • Experience of data science technologies such as Natural Language Processing / Artificial Intelligence / Machine Learning.
  • Experience in regulatory and ethical issues including knowledge of data protection regulation requirements
  • Experience of UX design, user research, performance analysis and automation.
  • Ability to conduct training and ongoing knowledge transfer to Authority staff.

How suppliers will be evaluated

All suppliers will be asked to provide a written proposal.

How many suppliers to evaluate
4
Proposal criteria
  • Technical Skill and ability with evidence of experience with other clients.
  • Mobilisation approach and methodology for the deployment of the Delivery Team, including experience, that covers all roles, as defined in the Essential Skills section.
  • How the Supplier will manage key deadlines and changing requirements.
  • Approach and technical solution which meets the NDEC goal.
  • Provide CVs for the proposed Delivery Team.
  • At Presentation (if applicable) how the Supplier will collaborate and work alongside the Authority.
  • At Presentation (if applicable) how the Supplier will problem solve utilising its Delivery Team.
Cultural fit criteria
  • Demonstrate your approach is delivery focussed and engineering led.
  • Ability to work collaboratively and interact with the Authority and the wider supplier network in the organisation.
  • Ability to mobilise effectively and efficiently taking responsibility for their work to deliver what is required for the Authority.
  • Ability to deliver innovation in delivery.
Payment approach
Time and materials
Additional assessment methods
Presentation
Evaluation weighting

Technical competence

50%

Cultural fit

20%

Price

30%

Questions asked by suppliers

1. Currently, is there presence of data analytics/data science services? If yes, to what extent?
Data analytics services are currently provided as a bureau service to the Agency. These include data matching, trend analysis and operational support. The services cover major trends and support some of the main services provided by the NCA.
2. Is there any incumbent supplier?
There is no incumbent supplier.
3. What is a technical stack currently used along with data storage & reporting/analytical tools?
The technical stacks are based on AWS or Microsoft. Industry standard compents such as elastic search and Kabana are also used. Data storage uses AWS or Microsoft databases. Reporting and analytical tools include Jupiter notebook, a number of SQL tools and some proprietry or specialist tools.
4. What is a technical stack currently used along with data storage & reporting/analytical tools?
The technical stacks are based on AWS or Microsoft. Industry standard compents such as elastic search and Kabana are also used. Data storage uses AWS or Microsoft databases. Reporting and analytical tools include Jupiter notebook, a number of SQL tools and some proprietry or specialist tools.
5. Can you please clarify what you are expecting for bullet points 9 to 16? Are you looking for an example of where we have deployed a similar level resource or details of the resource we would intend to deploy?
Please provide details and examples of the resource you would intend to deploy.
6. For bullet points 9-16:
Are you expecting suppliers to respond with proposed individual resource experience for each role or the company's overall experience for each type of role?
Given the current climate proposing individuals at this early bid stage will be challenging.
Please provide details and examples of the resource you would intend to deploy, this does not need to include proposing individuals.
7. Are bidders expected to respond to the 8th bullet of the essential criteria and will it be scored (The Supplier must also be able to provide all roles as defined at bullet points 9-16 as part of the Delivery Teams.) ? It seems to just be an introductory point for the subsequent questions regarding roles/skills
Bidders must confirmn all roles can be provided. Any roles that cannot be provided must be listed.
8. Bullet Point 8:
The Supplier must also be able to provide all roles as defined at bullet points 9-16 as part of the Delivery Teams.
Are you expecting a 100 word response for this bullet point and will it be evaluated?
The response can be up to 100 words in response and must confirm if all roles can be provided. Any roles that cannot be provided must be listed.
9. Can you provide the procurement timetable please, i.e after the PQQ has been submitted?
Estimated timetable for the Assessment stage is as follows: RFP issued 6/04/2020; Closing date for RFP 20/04/2020; Contract Award 30/04/2020. Please note these dates are subject to change.
10. Could you please elaborate what kind of security clearance is needed?
SC clearance is required before your organisation can work with the National Crime Agency, as you may have access to SECRET and TOP SECRET assets. SC Enhanced is a further check undertaken by the National Crime Agency. If your organisation does hold SC clearance this is an advantage, however it is not essential and will not form the evaluation process or weighting. NCA will support applications for clearance including the enhanced checks.
11. Is there scope for suppliers with SC Clearance to start work while staff undergo the SC Enhanced process?
The NCA operate a risk management approach, but this is dependent on the nature and risk of the requirement. The specific department in conjunction with security will make this risk based decision.
12. Can the customer advise the approximate time for gaining SC Enhanced for staff that already hold SC?
It normally takes 1-2 months to gain SC Enhanced, but these timescales may change due to NCA operational priorities.
13. Can you confirm whether the budget range of £4M is for the first two years only or does that also include period for the optional further extension of up to 24 months?
The budget range quoted is for the two year period only.
14. Will Suppliers be able to develop capability in List X locations other than the Client’s locations?
Suppliers will be able to develop capability offsite where this does not contravene NCA security and data protection policies.
15. The proposal requests teams to operate in London and the South West, can the customer give a view of the likely proportion of work at each location?
Location is flexible, but we need the ability for staff to be available at different sites
16. For the ‘Essential Skills and Experience’ questions 9 to 16, please can we confirm approach the answering to these questions:
• Are you looking for a general overview of capability for each of the delivery roles or an answer based on a selected individuals experience, or both?
• If the latter, can we confirm that you will not require named resources at Stage 1, and that anonymised exemplar candidates are acceptable?
Please provide details of capability to provide the roles and examples of the resource you would intend to deploy (names can be removed).
17. In the ‘Essential Skills and Experience’ question 5, please can we clarify the NCA’s definition of DevSecOps – as we understand the term can sometimes mean different things to different organisations / in different contexts.
DevSecOps here is meant to refer to DevOps processes which integrate security practices.
18. Does the work include the in-cloud replacement or cloud migration of existing data processing services/components?
The work could include enhancing current cloud functionality and replicating existing processes, with activities determined by backlog priorities.
19. Is the new capability intended to work with the output of any existing components.
New capability will integrate with other processes in a loosely coupled way.
20. Can the customer expand on what they mean by Cloud Integration? Is this integration with existing cloud based services/systems or systems that are currently hosted on premises?
Cloud integration here means integrating with services on other cloud providers or onsite services in a loosely coupled way.
21. Please confirm the extent of the NDEC opportunity which may be seen as ambiguous. The title of the opportunity is Technical Delivery Partner, implying that the contract is for both design, build and delivery of the NDEC service. The text, however, states “this requirement is for a Supplier to provide small, self-contained development teams (Delivery Teams) with the requisite skills to design and build analysis tools, platforms and services” which infers that the delivery and management of the service is separate to this opportunity. Does the DOS opportunity, therefore, include the delivery of the service to the NCA user?
The requirement is for teams to cover the lifecycle from design to delivery, which will vary by workpackage. Early delivery and working with users is encouraged.
22. In your ‘nice to have’ question, ‘Experience of UX design, user research, performance analysis and automation’, could you please explain what information you would like bidders to provide? We can evidence all of these disciplines/practices, but they are not commonly grouped together – specifically, automation – could you provide brief details of what eventual activities this question is intended to assess bidders’ ability to perform?
Nice to have activities are those related to core data processing activities. These refer to specialisms in automation (business process automation), UX design, user research and performance analysis (management information).
23. Will all teams be identical in size/structure i.e. each consisting of a Data Architect, a Data Scientist, a Data Analyst, a Data Engineer, a Technical Architect, a Delivery Manager, a QAT Analyst and a DevOps (DevSecOps) Engineer?
Teams will vary based on what is appropriate for individual workpackages, and at least one type of resource will be required for smaller packages, with more complete teams required for larger packages.
24. Re: Q17, ‘Ability to provide sufficient resource capacity across the capabilities to deliver concurrent projects’, what information are you seeking? Should suppliers list the number of each role type that could be available for call-off?
Please provide information on the types of resources you have and the capacity in different areas. This could be done by detailing the number of staff in roles or general information on technical resources available.
25. Could you please confirm what details you are seeking for points 9 to 16? E.g., should bidders provide confirmation that they can provide resources of the type/experience listed, with fuller details for one suitable member of staff?
Please provide details of general capabilities in each area and examples of the resource you would intend to deploy.
26. We interpret your advert as meaning that the contract will be operated by call-off, and that the Authority will request teams on a project-by-project basis, potentially with some projects/teams running concurrently. Is this the case?
The contract will be called-off the Digital Outcomes and Solutions Framework and will be managed by issuring specific Statements of Work for each work package. There may be occasions when there are concurrent Statements of Work in place.
27. For question “Technical Specialist Architect and Cloud Services with minimum of 1 years’ experience in role, with AWS Professional qualification. Will have experience in Cloud Services, infrastructure as code and Cloud Security” please could you elaborate on the requirements for this role?
Deep hands-on knowledge of cloud services architecture is required for the specialist role, involving specifying and building architectures, so that environments and applications can be qucily implmented in a secure, user centric fashion.
28. For question “Data Architect with minimum of 5 years’ experience in role, with AWS Certification. The Data Architect will have experience in the following areas: Data architecture, data exchange, APIs, Cloud, security.” And also question “Technical Specialist Architect and Cloud Services with minimum of 1 years’ experience in role, with AWS Professional qualification. Will have experience in Cloud Services, infrastructure as code and Cloud Security” would it be sufficient if AWS Certification is in progress and will be concluded in a reasonably short timeframe?
Attained AWS certification would be expected.
29. Please could you elaborate on what you are seeking for question “Experience of cloud integration”? What sort of integrations would you find relevant in the context of your requirements?
Cloud integration experience relates to connecting environments (with other clouds or on-prem), data (mechanisms for pipelines or transfer) or applications (single user experience) to support an mulit-environment strategy.
30. For questions 9-16 (the various roles being requested) please could you confirm the format you would like suppliers to respond with. In another clarification question, you’ve responded to advise “Please provide details and examples of the resource you would intend to deploy, this does not need to include proposing individuals.” Please could you be specific about what you mean by details and examples? For example, do you want this to fit within the usual format of “what the situation was, the work the team did and what the results were”?
Please provide details of capability to provide the roles (for example, numbers of data engineers and the type of services they typically provide) and examples of the resource you would intend to deploy (for example, CVs of the type and level of staff which would be deployed).
31. For question “The Supplier must also be able to provide all roles as defined at bullet points 9-16 as part of the Delivery Teams”, please could you confirm what (if anything) you would like suppliers to respond with beyond a simple confirmation that all roles can be provided? For example, do you want to see an example project that demonstrates capability in the usual format of what the situation was, the work the team did and what the results were.
Please provide details of capability to provide the roles and examples of the resource you would intend to deploy.
32. To what extent (if at all) will the delivery of this engagement be aligned to the Service Manual https://www.gov.uk/service-manual and associated GDS assessments?
Delivery will follow best practice, including GDS service standards although assessements are not required.
33. Do you require one example per question to be cited, or is it acceptable to include multiple examples for a single question? Some of the questions, for example “Experience in regulatory and ethical issues including knowledge of data protection regulation requirements”, would require more than one example to demonstrate breadth
Multiple examples are acceptable.
34. Do you have any preference between public sector or private sector examples? Or will both be treated equally as long as they are relevant to the question?
Both public and private sector examples are of interest, details of national security or law enforcement work are particularly relevant.
35. Has work has been fully defined, bounded and prioritised?
The work is allocated from a backlog and will be defined as it moves along the backlog.
36. Are you able to recruit and provide access to users for the purpose of user research?
SMEs (subject matter experts) will be available for user research and feedback.
37. Will you be able to organise access to stakeholders throughout the project?
Stakeholder access will be arranged through NCA project staff.
38. Will your Product Owner be allocated full time to this project?
There will be full time NCA project staff including product owners.
39. What roles are you expecting suppliers to provide? In addition, are you expecting all roles to have the ability to be full time?
The key roles are listed in technical requirements and these are expected to be full time as required by work packages.
40. Will you be providing further information to the downselected suppliers to aid in proposal generation?
Yes there will be a Request for Proposal document with a request for a response to NCA's requirements and there will be maximum word limits.
41. In order to compare suppliers like for like, how will price be evaluated: will you be evaluating by the total price for an inital SOW, rate card or both? How do you ensure that you are completing a genuine value for money comparison rather than just a rate card comparison?
Pricing has a weighting of 30% and pricing criteria will be calculated by multiplying the Supplier’s score by the applicable weight.
42. Will the scores from the evidencing round be taken through to final evaluation? Or will they only be used for the purposes of shortlisting suppliers?
Scores from the evidencing round will not be taken through to final evaluation they will be used to shortlist suppliers for the assessment stage only.
43. For the first evaluation round (evidence), what would you expect to see from an answer for it to be deemed 'exceeding' and score 3 marks?
Evidence for exceeding and score 3 marks will need to contain evidence that is over and above that expected for the requirement.
44. Please can you share a procurement timetable outlining steps (which would typically include evidence response evaluation, shortlisting of suppliers for next stage, preparation of supplier proposals, evaluation of supplier proposals, announcement of successful supplier, contract completion, contract signatures, commence work), bearing in mind the dates published on the contract notice: evidence submission on 30th March and commencing work on 30th April?
The detailed procurement timetable will be provided to shortlisted suppliers at the assessment stage. Estimated timetable for the Assessment stage is as follows: RFP issued 6/04/2020; Closing date for RFP 20/04/2020; Contract Award 30/04/2020. Please note these dates are subject to change.
45. Does the Authority have an existing data strategy, framework, platform or architecture that the Supplier must align with?
Yes an exisitng data framework and platform will be used.
46. In respect of “bullet points 9-16” and the roles defined therein, is the Authority expecting details of proposed candidates for each role in Supplier responses?
Please provide details of capability to provide the roles and examples of the resource you would intend to deploy.
47. How many concurrent projects does the Authority anticipate the Supplier will need to deliver?
Projects are expected to flex throughout the term, from one to five depending on workpackages.
48. Do NCA have any preferences for technology or software to be used to deliver this work?
The technical stacks are based on AWS or Microsoft. Industry standard compents such as elastic search and Kabana are also used. Reporting and analytical tools include Jupiter notebook, a number of SQL tools and some proprietry or specialist tools.
49. Do NCA have a view of the number of FTEs required for each role type defined in the bid?
FTE are expected to flex throughout the term, between an estimated handful up to a limit of twenty.
50. The requirements make reference to both “Delivery Team” and “Delivery Teams”. Can the Authority clarify whether the requirement is for a single team with the roles specified or multiple teams?
Mulitple teams will be needed with makeup determined by individual workpackages, and at least one type of resource will be required for smaller packages, with more complete teams required for larger packages.
51. Are there any specific agile methodologies / frameworks used by the Authority that the Supplier needs to adopt?
There are no specific agile methodologies.
52. Are there any specific DevSecOps tools / software requirements that the Supplier needs to adopt / integrate with?
Well known devops tools are used, for example GitLab and Terraform.
53. Is there an existing AWS landing zone / hub-and-spoke environment that the Supplier needs to work within?
There are exisitng AWS environments that staff need to work within.
54. Will the Authority require the Supplier to use Authority-issued or Provider’s own equipment to perform the Services? If Supplier’s own, are there any specific security or hardening requirements?
Where there are specific EUD security requirements, the Authority's equipment will be used.
55. Are there any specific open source or third party tools that the Authority are making use of relating to data storage, ETL, analytics and machine learning e.g. Hortonworks, Cloudera, Apache open source?
Open source tools are used, primiarily the ELK stack.
56. Does the Authority make use of any specific AWS cloud-native services relating to data storage, ETL, analytics and machine learning e.g. EMR, Athena, Glue, Kinesis, Sagemaker, Lake Formation etc.?
Yes, AWS cloud native services are used.
57. Will you be providing further information to the downselected suppliers to aid in proposal generation?
There will be a Request for Proposal document with a request for a response to NCA's requirements and there will be maximum word limits.
58. Does the NCA see this procurement being affected by COVID-19 or is the procurement expected to run its course?
At the current time NCA will continue with this procurement exercise however any changes to Government measures that are announced will be followed.
59. Given the current Covid-19 situation, which we anticipate may continue beyond the start date of this opportunity, will there be any provisions made for Supplier personnel to work remotely?
This will be dependent on the circumstances that prevail at Contract Start Date in light of Government measures in place and a review by the specific department in conjunction with security who will make a risk based decision.
60. Please can you confirm if there will be a specific format or template for the proposal response and whether this will be capped (max number of words or pages).
There will be a Request for Proposal document with a request for a response to NCA's requirements and there will be maximum word limits.