Awarded to IBM United Kingdom Ltd

Start date: Monday 6 February 2017
Value: £12,000,000
Company size: large
Home Office

Home Office (HO) National Law Enforcement Data Programme (NLEDP) Application Development Service

0 Incomplete applications

44 Completed applications

21 SME, 23 large

Important dates

Friday 28 October 2016
Deadline for asking questions
Friday 4 November 2016 at 11:59pm GMT
Closing date for applications
Friday 11 November 2016 at 11:59pm GMT


Summary of the work
Developing and delivering applications and services for NLEDP using Agile methodologies. Projects include building and optionally supporting:
Data services to support Law Enforcement and other Agencies;
Highly automated application delivery pipelines;
Access portals; and
API gateways supporting fixed and mobile channels.

Key technologies: Java, WebServices, Messaging, RBAC, RDBMS, Entity Recognition
Latest start date
January / February 2017
Expected contract length
2 years
Organisation the work is for
Home Office
Budget range
The estimated total budget is between £10M and £12M. The Supplier team will need to flex in size depending on the requirements of the programme. Statements of Work will be delivered through a mixture of Fixed Price, Capped Time and Materials and Time and Materials.

About the work

Why the work is being done
The Home Office has existing data systems whose contracts begin to expire in 2019. These systems are expensive to operate and maintain, and difficult to change to accommodate the rapidly evolving law enforcement landscape. Additionally, some systems and components are approaching end-of-life, or end-of-support.
This procurement will enable NLEDP to replace these systems with the Law Enforcement Data Service (LEDS). LEDS will ensure continuity of business services, and act as a platform for innovation to transform the way the HO manages and supplies data services to Law Enforcement Communities and other authorised Agencies throughout the UK and internationally.
Problem to be solved
NLEDP requires a Supplier to supply teams to help deliver LEDS. Supplier activities will include cooperative requirements elaboration, detailed design, application development and testing to deliver services across a series of integrated and co-dependent projects using an Agile methodology.

The programme requires establishing highly automated build, test and deployment environments to deliver multiple releases efficiently. The Supplier will also be required to support ‘handover to Live’, and Release Management activities.

Work packages will focus upon access portals, web applications, API gateways, Master Data Management, Entity Recognition, messaging, micro-services, security and auditing, container technologies and SQL and NoSQL databases.
Who the users are and what they need to do
Users consist of UK Law Enforcement Communities and other authorised Agencies throughout the UK and internationally. These include (but are not limited to):
• Police Forces – 43 separate forces throughout the UK
• Border Control / Immigration • Government Departments
• Government Agencies
• Disclosure Services
• Criminal Justice System
• Offender Management Services.
User requirements include the provision of capability to:
• Check an individual’s identity, offending history, status, and location
• Analyse data to identify links between people, objects, locations and events
• Set up automated alerts for new or changed data and events of interest
Early market engagement
To date, NLEDP has conducted two supplier days, with a large number of organisations in attendance at each event. The strategic approach to application development and potential use of the Digital Outcomes and Specialists (DOS) framework was briefed to suppliers who attended the NLEDP supplier day in July 2016
Any work that’s already been done
The programme is currently in the Inception phase. The initial business requirements have been captured and the high level architecture has been defined (including the transition states for legacy systems).
Prior to a Supplier joining the programme, the following activities will have been completed:
• Initial business requirements elaboration
• Solution architecture definition
• Prototyping for core LEDS services
• Proof of concepts to test critical transition technologies
Existing team
NLEDP currently consists of Programme/Project Management, Business Change, Business Design, Data Migration and Technical Architecture teams. These teams are comprised of Civil Servants, contractors and other suppliers.
Current phase
Not applicable

Work setup

Address where the work will take place
Initially at Customer premises within the M25, including, but not limited to Hendon Data Centre, Home Office Croydon or 2 Marsham Street, London. The Application Development Service may also be required at Customer sites across the United Kingdom of Great Britain and Northern Ireland.
Working arrangements
Each project stream has NLEDP Project Management, Business Analysis and Architecture teams who will work with the Supplier to deliver the applications and services. It is expected that both Agile and Waterfall methodologies will be employed on the programme for different solution areas.

The Supplier will support collaborative development of their work packages, and will be accountable to HO project management and quality assurance for the delivery of those work packages. In some cases, the Supplier will provide the resources to create work packages and the delivery will be managed by HO.
Security clearance
All staff must hold or be prepared to undergo SC Security Clearance to work on this project. In addition, some staff must be prepared to undergo
• Non Police Personnel Vetting Level 3 (NPPV3)
• Developed Vetting (DV)

Additional information

Additional terms and conditions
• Rate card and Travel & Subsistence
• Conflict of Interest/Ethical Walls safeguards (applies to all sub-programme and ‘spin off’ activities whether procured via DOS or other contracting routes)
• Exit activities
• Financial reporting and acceptance certificates

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Experience in building and deploying scalable, event driven, or real-time solutions in commodity cloud environments such as AWS, Azure or Google
  • Experience of using secure development practices to deliver mission critical systems, business critical systems or Critical National Infrastructure
  • Experience of delivering highly available systems (including disaster recovery solutions) with complex integration requirements and full instrumentation
  • Experience in: API Gateways including API designs for distributed systems; Transactional systems using Application Servers/Application Containers; Analytical systems; ETL; Mobile Applications development; Data Modelling and data migration, and; Database Technologies
  • Familiarity with legacy technologies, such as mainframe systems, non-relational data models and terminal emulation
  • Experience in using, maintaining and improving automated development pipelines using tools such as GitHub, Maven, Nexus, Jenkins, NeoLOAD, JIRA and Confluence and automated testing frameworks
  • Experience of setting up development processes and working with large scale Agile programmes and aligning development activities with parallel work-streams across split sites, while continually ensuring quality standards are maintained
Nice-to-have skills and experience
  • Experience in developing services using container technologies such as Docker
  • Experience of successful delivery into a multi-supplier programme
  • Experience of delivering work packages in fixed price contracts in an Agile environment
  • Experience of user centric requirements gathering to develop web and mobile applications
  • Experience of working on systems that contain multiple layers of security controls (application, data and infrastructure) and access controls (RBAC and ABAC)
  • Experience of providing 24/7 Level-2 and Level-3 support for business critical systems requiring rapid responses to incidents

How suppliers will be evaluated

How many suppliers to evaluate
Proposal criteria
  • Mobilisation and implementation plan (10%)
  • Project management (15%)
  • Team structure and composition (including CVs, technical skill sets and key staff) (25%)
  • Requirements analysis elaboration and detailed design (5%)
  • Build, Test, and Continuous Integration/Delivery (15%)
  • Technical expertise and innovation (5%)
  • Security (10%)
  • Testing (10%)
  • Third line support (5%)
Cultural fit criteria
  • Management of team(s) and Working Practices
  • Collaboration
  • Recruitment and retention, training, and on-boarding of personnel
  • Working in secure environments
Payment approach
Time and materials
Assessment methods
  • Written proposal
  • Case study
  • Work history
  • Reference
  • Presentation
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. After the deadline for expressions of interest on 11th November, can you confirm whether you will be requesting evidence of the required skills and experience?
The DOS framework short-listing process will be followed. If the short list is too long we will be requesting written evidence of the essential and nice to have skills and experience. There will be a 500 word limit for each.
2. Do you envisage the work packages as part of this contract to be for outcomes or are you focusing on people/teams with specific skills to deliver?
The work packages will be outcomes based.
3. What security classification (or classifications) do you expect that the new LED’s platform will need to be built and tested within?
It is anticipated that the new platform will be built and tested within an environment capable of storing data up to and including OFFICIAL (some of which may attract the SENSITIVE caveat).
4. Is it expected that the Solution Architecture Definition will define the Software Stack within the final solution, and to what level?
Yes, the Solution Architecture defines the software stack in terms of platform product selection e.g. API Gateway and Database.
5. Do Home Office have a preference for a particular scaled Agile approach such as Scaled Agile Framework (SAFe), Large Scale Agile (LeSS) or Disciplined Agile Delivery (DAD)?
To-date we have considered, but not committed to delivery based on scaled agile framework. This should not deter suppliers from suggesting alternate approaches which we will consider.
6. Are you able to articulate how such an arrangement will be orchestrated? i.e. are you looking for a supplier to provide a team that are expected to work as a supplier team or a number of persons to be allocated to other teams already in existence?
We are looking for a mixture and variety of both of theses approaches. Phasing, responsibilities and governance is described in detail in the ITT requirements documents.
7. Can you give an indication of how much support you are expecting from day one and where that support will commence work from?
We have no live support requirements on day one. Support will be required from the start of the first production release.
8. Are the necessary working tools and environments available or do you expect the supplier to be providing some of these?
The Home Office will provide the development, test and production environments and provision of workstations.
9. Will there be a formal Change process on Fixed Price projects?
The change process set out in the call off agreement will be applied.
10. Could the CA please clarify whether programme or project management to whom the supplier may report/account are full time HO employees (Civil Servants) or themselves contractors?
Full accountability and sign off of PPM reports/deliverables is by the HO Civil Servant Programme Lead.
11. By looking for an Application Services supplier it would appear as though the programme is following a “Towers” style approach. Could the Contracting Authority clarify whether there will be any restrictions on bidders in the event of further “Towers” being procured using Frameworks – e.g. Technology Services, G-Cloud, NSF? Basically would a supplier bidding this and winning exclude themselves from further competitions?
We may exclude suppliers from a future procurement where permitted under the Public Contract Regulations 2015, including, but not only, where there is a conflict of interest or prior involvement that cannot be effectively remedied by other measures.
12. The requirement mentions a total value between 10 and 12 million pounds. Some questions arise from this: How firm is this expectation of total value to be awarded to the successful contractor over the period? Is this procurement subject to Cabinet Office oversight under the Spend Controls process? Does the Contracting Authority have any view yet of the initial purchase commitment and the likely phasing of the contract value ?
The total value is an indicative figure based on expected workpackages and outcomes required. Workpackages will be contracted for over the period of the DOS award. No guaranteees are given on the number or total value of the workpackages over this period and the Authority has the right to terminate the agreement with respect to the notice period. The procurement is subject to the Cabinet Office spend controls. The initial value of the first workpackage will be confirmed as part of the elaboration.
13. We understand that the only price comparison (evaluation) for DOS is via a rate card. Could the Contracting Authority please advise how the capability for the supplier to deliver fixed price services will be evaluated on this basis?
The ability to deliver fixed price services will not form part of the price evaluation.
14. Security and Information Assurance: DOS as described expects the supplier and buyer to operate in a Security Framework covering OFFICIAL classification. These requirements request the supplier to have SC, DV or Non Police Vetting cleared staff which would imply higher levels of classification (“above OFFICIAL”) for some services. Is it the opinion of the Contracting Authority that secure CNI services are compatible with procurement under DOS? For example, requirements for where work is carried out, how data and code is transferred and MI will be different between OFFICIAL and above OFFICIAL.
Suppliers are requested to undertake SC,DV or NPPV3 vetting as necessary. Direct access to police data may require levels of clearance in addition to SC. Classification of data is currently not expected to exceed OFFICIAL, however some data is expected to attract the SENSITIVE caveat. The services requried are compatible with procurement under DOS.
15. Digital Outcomes and Specialists (DOS) allows the Contracting Authority to vary (within limits) the terms and conditions applying to the Call Off Contract/Order – would the Contracting Authority be prepared to share an early view of its intentions in this area?
Further information will be available for shortlisted suppliers to enable the submission of a proposal at that stage of the process. It will not be provided prior to shortlisting.
16. Please could you confirm that the Contracting Authority (CA) is the Home Office?
Yes, the Contracting Authority is the Home Office.
17. If further information to be received indicates that relevant COTS products could be configured and integrated to provide a solution that meets the client's business requirements, with reduced cost and/or reduced development time, would you consider this?
Alternative approaches may be considered if they can be shown to meet the requirements and offer substantial benefits - e.g. user, cost, performance
18. Which roles are expected to require DV clearance?
The roles that have significant access to data are expected to require DV clearance.
19. Please could you provide some further detail on the wider teams will you be looking for? Will these be composed of developers / testers and if so, in what quantities?
Please refer to the response on question-6
20. Is there any strategic influence needed or has the strategy been fully defined?
The solution architecture design and transtion strategy have been defined.
21. The summary mentioned that both Agile and Waterfall methodologies will be employed on the programme - please could you give us a clearer indication of the splits?
The majority of the work is expected to be based on Agile methodologies.
22. Are you looking for a purely open source solution, or is Microsoft platform an option?
The solution is expected to be a mix of COTS, Open Source and integrated bespoke technologies.
23. Do you envisage LEDS to be a service oriented architecture?
LEDS adopts a Service Based approach, but is not a "classical" SOA solution.
24. Will you be looking to transfer support to an internal team?
Support will transition to another Home Office team.
25. Would it be possible to obtain outputs from the early market engagement sessions, as unfortunately we were not able to attend.
Please email with your request to obtain the market engagement outputs.