This opportunity was withdrawn on Monday 27 July 2020

You can't apply for this opportunity now. The buyer may publish an updated version on the Digital Marketplace.

Cabinet Office

Cabinet Office Personal Data Protection Delivery Enhancement

25 Incomplete applications

19 SME, 6 large

1 Completed application

0 SME, 1 large

• Published: Tuesday 21 July 2020
• Deadline for asking questions: Tuesday 28 July 2020 at 11:59pm GMT
• Closing date for applications: Tuesday 4 August 2020 at 11:59pm GMT

Overview

• Summary of the work: The Cabinet Office needs to mobilise a programme to respond to the findings of a Data Handling Review through enhancing capabilities, standards and controls across the department to manage data privacy risk.
• Latest start date: Monday 10 August 2020
• Expected contract length: To be delivered prior to 31 December 2020
• Location: London
• Organisation the work is for: Cabinet Office

About the work

• Why the work is being done: Delivering the Cabinet Office business strategy places a critical reliance on enhancing the capture, storage, management and use of personal and non-personal data. Recent events, however, have identified weaknesses in the Cabinet Office capabilities for managing personal data privacy. ; ; The Data Protection Act 2018 demands stringent obligations on the management of privacy risk and exposes the department to material penalties and regulatory censure in the event that risks are insufficiently managed or mitigated.; ; An independent review (‘Building Trust In Digital Government’: A Review Of Personal Data Handling In The Cabinet Office) was commissioned following a high profile data breach in December 2019. The review identified systemic inconsistencies in data processes, controls and culture across Cabinet Office and that there is a significant risk that further and more impactful breaches will occur as the amount of personal data being handled by the Department increases.; ; The independent review of the Cabinet Office’s personal data handling practices proposed recommendations to enhance the overall risk management of data privacy across the department. ; ; The Cabinet Office needs to implement this work prior to end December 2020
• Problem to be solved: The independent review of the Cabinet Office’s personal data handling practices proposed recommendations to enhance the overall risk management of data privacy across the department. ; ; Recommendation 1: Enhance accountability and governance ; Aim: Establish unified leadership for personal data handling supported by extension of existing best practice delivery in Cabinet Office to increase consistency of delivery.; ; Recommendation 2: Reward the right behaviours and recognise skills ; Aim: Strengthen existing business unit responsibilities through active identification and promotion of personal data handling experts.; ; Recommendation 3: Confirm a new Data Strategy ; Aim: Define a new Data Strategy aligned to Cabinet Office values and Digital Government ambitions which will inspire current and future Cabinet Office resource. ; ; Recommendation 4: Be transparent on progress ; Aim: Develop the execution oversight and data analysis required to demonstrate progress on maturing data delivery capabilities to all stakeholders.; ; Recommendation 5: Refresh Training and Guidance ; Aim: Rebuild Training and Guidance to become accessible on a sustained basis by all Cabinet Office resource.; ; Recommendation 6: Establish consistent standards and technology controls ; Aim: Achieve consistent leading standards and controls across personal data handling processes.
• Who the users are and what they need to do: Cabinet Office staff, stakeholders and the wider external community
• Existing team: Existing Cabinet Office Data Protection Office; Digital Knowledge Information Management teams; Security; Information Assurance; 3rd Party Contracts team and the Chief Data Office
• Current phase: Beta

Work setup

• Address where the work will take place: Ordinarily in various locations across London; ; However during lockdown it is anticipated the majority of the work will be conducted remotely
• Working arrangements: To respond as a result of this Requirements doc
• Security clearance: BPSS/CTC; ; For clarity we do not need SC clearance

Additional information

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

• Essential skills and experience:
  • Proven experience of Data Governance in FTSE 100 and / or Government programmes
  • Have experience of implementing regulatory data protection change
  • Have 5 years + experience in data practice
  • Be a good communicator
  • Have experience of process documentation
  • Have experience of developing data policies

How suppliers will be evaluated

All suppliers will be asked to provide a written proposal.

• How many suppliers to evaluate: 3
• Proposal criteria: How the proposal meets the overall requirements
• Cultural fit criteria:
  • How you work : Must work with the Cabinet office BAU workstream owners to approve assets and artefacts must not work in isolation and delivery
  • How you solve problems : Must be open to challenge and be willing and able to think outside the box
  • Must have transparency and collaboration : Along with traceability of progress and demonstrate clear delivery
• Payment approach: Fixed price
• Evaluation weighting:

  Technical competence

  65%

  Cultural fit

  10%

  Price

  25%

Questions asked by suppliers

• 1. is there a current incumbent?: No, there is no incumbent; ; We have had a number of individuals working on our approach, and we have subsequently decided to consider a co-ordinated and consolidated solution
• 2. Is there a pre-determined budget for this work? Has the budget field been left unfilled for a specific reason?: 1. Not at present. It is a little 'chicken and egg'. It is difficult to specify a detailed budget until we see the results of this exercise; 2. Yes. We do not have an accurate assessment of how much this work will cost
• 3. What is the budget for this workstream?: W do not have a budget at present. It is a little 'chicken and egg'. It is difficult to specify a detailed budget until we see the results of this exercise
• 4. What is the budget for this task?: We do not have a budget at present. It is a little 'chicken and egg'. It is difficult to specify a detailed budget until we see the results of this exercise
• 5. Who conducted the Data Handling Review referred to in the opportunity?: Adrian Joseph; ; Here is a link to the Review; ; https://www.gov.uk/government/publications/building-trust-in-digital-government
• 6. Be a good communicator – what critera is this being evaluated against? what does 'good look like'?: 1. This will be assessed in accordance with demonstrable successful communications as evidenced in your proposal; ; 2. A track record of successful communications
• 7. Have experience of process documentation' – experinece of sitting on them? Reading them, working in accordance to them, creating them?: Understanding process documentation, with a view to successful execution
• 8. How you work : Must work with the Cabinet office BAU workstream owners to approve assets and artefacts must not work in isolation and delivery – what is the weighing of this question?: This is within the Cultural Fit criteria for which there is allocated a 10% weighting
• 9. With reference to the framework and the guidelines, given there are no nice to have questions, what method are you using to create a short list?: By using the shortlisting guidance identified on DOS, here is a link; ; https://www.gov.uk/guidance/how-to-shortlist-digital-outcomes-and-specialists-suppliers?_ga=2.133931662.1641827046.1595264991-189223359.1594906382
• 10. What is the indicative overall budget allocated and the approximate day rate that have been scoped for this project (we need to assess the required seniority)?Is a single individual or a team required to fulfil the brief for this project?: We do not have a budget at present. It is a little 'chicken and egg'. It is difficult to specify a detailed budget until we see the results of this exercise; ; We do not wish to be prescriptive at this stage to how you may fulfil the Requirements
• 11. Is there a set budget for this piece of work? If so what is it?: 1. We do not have a budget at present. ; ; 2. It is a little 'chicken and egg'. It is difficult to specify a detailed budget until we see the results of this exercise
• 12. Has any external supplier(s) been involved in the preparation of this project?: Yes; ; There were a number of parties involved in the publication of the Review, here is the link; ; https://www.gov.uk/government/publications/building-trust-in-digital-government
• 13. The specification references an "....independent review of the Cabinet Office’s personal data handling practices"Was this review delivered by an external supplier(s)? If so, which one(s)?: Yes it was; ; You will find the appropriate detail in the following link; ; https://www.gov.uk/government/publications/building-trust-in-digital-government
• 14. "Early market engagement" and "Any work that’s already been done" have been left blank. Is this correct?: 1. Yes it is correct; ; 2. There has been no early market engagement; ; 3. There has been a very small amount of work done by one or two individuals in order to consider the likely appropriate manner in which to proceed
• 15. Do you have currently or have you had in the past 6 months any consultancy organisation or individual supporting you on this work?: Yes; ; There has been a very small amount of work done by one or two individuals in order to consider the likely appropriate manner in which to proceed
• 16. Can you say more about the criteria "Be a good communicator" – what are you looking for in an ideal answer?: This will be assessed in accordance with demonstrable successful communications as evidenced in your proposal ; ; By using the shortlisting guidance identified on DOS, here is a link; ; https://www.gov.uk/guidance/how-to-shortlist-digital-outcomes-and-specialists-suppliers?_ga=2.133931662.1641827046.1595264991-189223359.1594906382; ; 2. A track record of successful communications
• 17. Please can you confirm if there is an incumbent supplier and if they will be quoting for the beta phase?: 1. No, there is no incumbent
• 18. Have you conducted any internal research to understand internal capability and experiences in respect of current Data Protection practices and processes?: A review has been conducted, here is a link to the Review ; ; https://www.gov.uk/government/publications/building-trust-in-digital-government
• 19. It's good practice for marketplace listings to include a budget range. Can you say why you have not done that in this case?: It is a little 'chicken and egg'. It is difficult to specify a detailed budget until we see the results of this exercise
• 20. You write "Working arrangements To respond as a result of this Requirements doc" – can you elaborate on this please? What requirement doc are you referring to?: 1. We believe we are likely to be flexible and do not wish to be prescriptive, particularly during the present working arrangements during Covid-19. Consequently we are keen to understand how you would prefer the working arrangements to be; ; 2. We are referring to the requirements as articulated in the Supplier Opportunities on DOS. This is also referred to, in DOS, as 'Requirements'
• 21. What is the budget and timescale for this activity?: 1. We do not have a budget at present. It is a little 'chicken and egg'. It is difficult to specify a detailed budget until we see the results of this exercise; ; 2. The timescales are as published on DOS