This opportunity was withdrawn on Monday 27 July 2020

You can't apply for this opportunity now. The buyer may publish an updated version on the Digital Marketplace.
Cabinet Office

Cabinet Office Personal Data Protection Delivery Enhancement

25 Incomplete applications

19 SME, 6 large

1 Completed application

0 SME, 1 large

Important dates

Published
Tuesday 21 July 2020
Deadline for asking questions
Tuesday 28 July 2020 at 11:59pm GMT
Closing date for applications
Tuesday 4 August 2020 at 11:59pm GMT

Overview

Summary of the work
The Cabinet Office needs to mobilise a programme to respond to the findings of a Data Handling Review through enhancing capabilities, standards and controls across the department to manage data privacy risk.
Latest start date
Monday 10 August 2020
Expected contract length
To be delivered prior to 31 December 2020
Location
London
Organisation the work is for
Cabinet Office
Budget range

About the work

Why the work is being done
Delivering the Cabinet Office business strategy places a critical reliance on enhancing the capture, storage, management and use of personal and non-personal data. Recent events, however, have identified weaknesses in the Cabinet Office capabilities for managing personal data privacy.

The Data Protection Act 2018 demands stringent obligations on the management of privacy risk and exposes the department to material penalties and regulatory censure in the event that risks are insufficiently managed or mitigated.

An independent review (‘Building Trust In Digital Government’: A Review Of Personal Data Handling In The Cabinet Office) was commissioned following a high profile data breach in December 2019. The review identified systemic inconsistencies in data processes, controls and culture across Cabinet Office and that there is a significant risk that further and more impactful breaches will occur as the amount of personal data being handled by the Department increases.

The independent review of the Cabinet Office’s personal data handling practices proposed recommendations to enhance the overall risk management of data privacy across the department.

The Cabinet Office needs to implement this work prior to end December 2020
Problem to be solved
The independent review of the Cabinet Office’s personal data handling practices proposed recommendations to enhance the overall risk management of data privacy across the department.

Recommendation 1: Enhance accountability and governance
Aim: Establish unified leadership for personal data handling supported by extension of existing best practice delivery in Cabinet Office to increase consistency of delivery.

Recommendation 2: Reward the right behaviours and recognise skills
Aim: Strengthen existing business unit responsibilities through active identification and promotion of personal data handling experts.

Recommendation 3: Confirm a new Data Strategy
Aim: Define a new Data Strategy aligned to Cabinet Office values and Digital Government ambitions which will inspire current and future Cabinet Office resource.

Recommendation 4: Be transparent on progress
Aim: Develop the execution oversight and data analysis required to demonstrate progress on maturing data delivery capabilities to all stakeholders.

Recommendation 5: Refresh Training and Guidance
Aim: Rebuild Training and Guidance to become accessible on a sustained basis by all Cabinet Office resource.

Recommendation 6: Establish consistent standards and technology controls
Aim: Achieve consistent leading standards and controls across personal data handling processes.
Who the users are and what they need to do
Cabinet Office staff, stakeholders and the wider external community
Early market engagement
Any work that’s already been done
Existing team
Existing Cabinet Office Data Protection Office; Digital Knowledge Information Management teams; Security; Information Assurance; 3rd Party Contracts team and the Chief Data Office
Current phase
Beta

Work setup

Address where the work will take place
Ordinarily in various locations across London

However during lockdown it is anticipated the majority of the work will be conducted remotely
Working arrangements
To respond as a result of this Requirements doc
Security clearance
BPSS/CTC

For clarity we do not need SC clearance

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Proven experience of Data Governance in FTSE 100 and / or Government programmes
  • Have experience of implementing regulatory data protection change
  • Have 5 years + experience in data practice
  • Be a good communicator
  • Have experience of process documentation
  • Have experience of developing data policies
Nice-to-have skills and experience

How suppliers will be evaluated

All suppliers will be asked to provide a written proposal.

How many suppliers to evaluate
3
Proposal criteria
How the proposal meets the overall requirements
Cultural fit criteria
  • How you work : Must work with the Cabinet office BAU workstream owners to approve assets and artefacts must not work in isolation and delivery
  • How you solve problems : Must be open to challenge and be willing and able to think outside the box
  • Must have transparency and collaboration : Along with traceability of progress and demonstrate clear delivery
Payment approach
Fixed price
Additional assessment methods
Evaluation weighting

Technical competence

65%

Cultural fit

10%

Price

25%

Questions asked by suppliers

1. is there a current incumbent?
No, there is no incumbent

We have had a number of individuals working on our approach, and we have subsequently decided to consider a co-ordinated and consolidated solution
2. Is there a pre-determined budget for this work? Has the budget field been left unfilled for a specific reason?
1. Not at present. It is a little 'chicken and egg'. It is difficult to specify a detailed budget until we see the results of this exercise
2. Yes. We do not have an accurate assessment of how much this work will cost
3. What is the budget for this workstream?
W do not have a budget at present. It is a little 'chicken and egg'. It is difficult to specify a detailed budget until we see the results of this exercise
4. What is the budget for this task?
We do not have a budget at present. It is a little 'chicken and egg'. It is difficult to specify a detailed budget until we see the results of this exercise
5. Who conducted the Data Handling Review referred to in the opportunity?
Adrian Joseph

Here is a link to the Review

https://www.gov.uk/government/publications/building-trust-in-digital-government
6. Be a good communicator – what critera is this being evaluated against? what does 'good look like'?
1. This will be assessed in accordance with demonstrable successful communications as evidenced in your proposal

2. A track record of successful communications
7. Have experience of process documentation' – experinece of sitting on them? Reading them, working in accordance to them, creating them?
Understanding process documentation, with a view to successful execution
8. How you work : Must work with the Cabinet office BAU workstream owners to approve assets and artefacts must not work in isolation and delivery – what is the weighing of this question?
This is within the Cultural Fit criteria for which there is allocated a 10% weighting
9. With reference to the framework and the guidelines, given there are no nice to have questions, what method are you using to create a short list?
By using the shortlisting guidance identified on DOS, here is a link

https://www.gov.uk/guidance/how-to-shortlist-digital-outcomes-and-specialists-suppliers?_ga=2.133931662.1641827046.1595264991-189223359.1594906382
10. What is the indicative overall budget allocated and the approximate day rate that have been scoped for this project (we need to assess the required seniority)?

Is a single individual or a team required to fulfil the brief for this project?
We do not have a budget at present. It is a little 'chicken and egg'. It is difficult to specify a detailed budget until we see the results of this exercise

We do not wish to be prescriptive at this stage to how you may fulfil the Requirements
11. Is there a set budget for this piece of work? If so what is it?
1. We do not have a budget at present.

2. It is a little 'chicken and egg'. It is difficult to specify a detailed budget until we see the results of this exercise
12. Has any external supplier(s) been involved in the preparation of this project?
Yes

There were a number of parties involved in the publication of the Review, here is the link

https://www.gov.uk/government/publications/building-trust-in-digital-government
13. The specification references an "....independent review of the Cabinet Office’s personal data handling practices"

Was this review delivered by an external supplier(s)? If so, which one(s)?
Yes it was

You will find the appropriate detail in the following link

https://www.gov.uk/government/publications/building-trust-in-digital-government
14. "Early market engagement" and "Any work that’s already been done" have been left blank. Is this correct?
1. Yes it is correct

2. There has been no early market engagement

3. There has been a very small amount of work done by one or two individuals in order to consider the likely appropriate manner in which to proceed
15. Do you have currently or have you had in the past 6 months any consultancy organisation or individual supporting you on this work?
Yes

There has been a very small amount of work done by one or two individuals in order to consider the likely appropriate manner in which to proceed
16. Can you say more about the criteria "Be a good communicator" – what are you looking for in an ideal answer?
This will be assessed in accordance with demonstrable successful communications as evidenced in your proposal

By using the shortlisting guidance identified on DOS, here is a link

https://www.gov.uk/guidance/how-to-shortlist-digital-outcomes-and-specialists-suppliers?_ga=2.133931662.1641827046.1595264991-189223359.1594906382

2. A track record of successful communications
17. Please can you confirm if there is an incumbent supplier and if they will be quoting for the beta phase?
1. No, there is no incumbent
18. Have you conducted any internal research to understand internal capability and experiences in respect of current Data Protection practices and processes?
A review has been conducted, here is a link to the Review

https://www.gov.uk/government/publications/building-trust-in-digital-government
19. It's good practice for marketplace listings to include a budget range. Can you say why you have not done that in this case?
It is a little 'chicken and egg'. It is difficult to specify a detailed budget until we see the results of this exercise
20. You write "Working arrangements To respond as a result of this Requirements doc" – can you elaborate on this please? What requirement doc are you referring to?
1. We believe we are likely to be flexible and do not wish to be prescriptive, particularly during the present working arrangements during Covid-19. Consequently we are keen to understand how you would prefer the working arrangements to be

2. We are referring to the requirements as articulated in the Supplier Opportunities on DOS. This is also referred to, in DOS, as 'Requirements'
21. What is the budget and timescale for this activity?
1. We do not have a budget at present. It is a little 'chicken and egg'. It is difficult to specify a detailed budget until we see the results of this exercise

2. The timescales are as published on DOS