Awarded to Layer 7 IT Security

Start date: Monday 2 November 2020
Value: £511,915
Company size: SME
Ministry of Housing, Communities and Local Government

Cyber and Technical Support for Councils

21 Incomplete applications

15 SME, 6 large

33 Completed applications

28 SME, 5 large

Important dates

Tuesday 8 September 2020
Deadline for asking questions
Tuesday 15 September 2020 at 11:59pm GMT
Closing date for applications
Tuesday 22 September 2020 at 11:59pm GMT


Summary of the work
Support local authorities to improve their cyber health by providing IT teams with advice, guidance and tools to make improvements to the security of their IT estate.
Latest start date
Friday 23 October 2020
Expected contract length
6 months
Organisation the work is for
Ministry of Housing, Communities and Local Government
Budget range
Expected to be up to £550,000 (excluding VAT).

About the work

Why the work is being done
As part of the Local Digital Declaration ( the MHCLG Local Digital team is looking to support councils in England to improve their cyber health and reduce their risk from malware and ransomware.
Problem to be solved
As part of the Discovery work into cyber security in local government, a survey of councils based on NCSC's tips for mitigating malware and ransomware ( was completed.

Based on the results, we are looking for a team to work with, and support, councils to make changes based on the findings through a process of engagement and creation of guidance, advice and tools (e.g. scripts).

Examples of the areas identified are central logging, use of NCSC's Active Cyber Defence tools, use of 2-factor authentication and security of backups.
Who the users are and what they need to do
The team will be expected to work with IT staff at local authorities and also engage with senior and strategic leaders on occasion.
Early market engagement
Any work that’s already been done
We have completed a Discovery phase which included a survey of councils based on NCSC's tips for mitigating malware and ransomware (

Our end of Discovery blog post can be found at:
Existing team
This work is focused on supporting technical remediation at councils. We will shortly be commencing work on the other recommendations from our Discovery phase and there is an expectation that this team will work in partnership with other workstreams including sharing learning and any other artefacts.
Current phase
Not applicable

Work setup

Address where the work will take place
The primary site is the MHCLG office located at 2 Marsham Street, London, SW1P 4DF.

However current circumstances mean remote working is the default.

Given the nature of the work is working with councils in England, travel may be necessary. Travel/expenses to sites should be included in your costs and will not be reimbursed separately.
Working arrangements
The supplier is expected to work alongside existing teams for face-to-face meetings. The supplier should demonstrate effective use of Agile principles and established project management approaches to enable progress to be monitored and issues resolved. The supplier will also be expected to work openly and allow anyone in the sector to have visibility of progress including blogging and show and tells.

Current working means much of this work will need to be completed via video calling so the supplier should be comfortable using products such as Microsoft Teams and Google Meet with cameras on.
Security clearance
CTC or above is desirable as staff will otherwise need escorting on site. If the successful supplier does not have CTC cleared staff, MHCLG will sponsor clearance. The supplier team will be expected to start this immediately after appointment.

Please make it clear whether staff have clearance when submitting responses.

Additional information

Additional terms and conditions
1. All outputs will be owned by MHCLG and published openly where appropriate using a suitable open license that supports reuse.

2. All materials/outputs derived from the contract shall be the property of MHCLG.

3. GDPR requirements will be discussed and agreed once the successful supplier has been notified (as part of discussions to agree the wording of the call-off contract).

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Demonstrate meeting skill requirements based on the anticipated composition of the team
  • Proven and demonstrable knowledge of IT security standards and asssesments such as Cyber Essentials, PSN, NCSC's 10 steps and Government Minimum Cyber Security Standard
  • Recent experience of working with NCSC's Active Cyber Defence tools
  • Recent experience of coaching and supporting existing teams and individuals on technical topics
  • Recent experience of working with local authorities
  • Recent experience of creating technical assets (e.g. guidance and tools such as scripts) for reuse by others
Nice-to-have skills and experience
  • Experience of presenting and explaining cyber and IT matters to non-technical senior leaders
  • Experience of 'working in the open' and regularly sharing findings with a wide audience inside or outside of the organisation

How suppliers will be evaluated

All suppliers will be asked to provide a written proposal.

How many suppliers to evaluate
Proposal criteria
  • Approach and methodology to the work
  • Identified risks and dependencies and potential approaches to manage them
  • The proposed team structure
  • Provide evidence of skills/experience/accreditation's of the team who'll be undertaking the work and how they'll work together
  • Value for money of the proposed approach
Cultural fit criteria
  • Work as a team with our organisation and other suppliers
  • Share knowledge and experience with others
  • Build trust quickly with users
  • Have a no-blame culture and encourage people to learn from their mistakes
  • Demonstrate understanding of the local government landscape and the spirit of the Local Digital Declaration
Payment approach
Capped time and materials
Additional assessment methods
  • Work history
  • Presentation
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. The links set out in the requirement are broken. Can you please provide the correct links.
The corrected links are:

Local Digital Declaration:

NCSC's tips for mitigating malware and ransomware:

Discovery blog post:
2. You ask for "Recent experience of working with local authorities." Does this have to specifically reference work with local authorities or is recent work with other parts of the UK Public Sector e.g. NHS, Central Government, Scottish Government equally valid?
Given the work is with English local authorities we are looking for a supplier on this occasion who has experience of working specifically with them.
3. The link to the NCSC report you reference does not work. Can you please provide an unbroken link?
A set of corrected links has been provided.
4. Is the deadline of the 22nd of September for a full costed proposal or the just the responses for the evidence of experience questions? If a proposal is required how would you like this submitted?
The deadline of 22 September is for suppliers to respond to the evidence of experience questions. Full proposals are not required at this stage.
5. Does the essential experience of working with local authorities have to be related to councils? Will you accept examples from local education authorities and other similar areas in local government?
Local education authorities are the local authorities with responsibility for education. We are looking to work with all local authorities in England.
6. Please can you confirm your expected format for "Demonstrate meeting skill requirements based on the anticipated composition of the team"?
We believe you are expecting: team names, roles, hierarchy, qualifications, skills and a brief description of each member. However this will not be possible in the 100 word limit.
At this stage you should provide a high-level description of the skills you think will be required and the type of roles in the team that will provide them.

The proposal will give a further opportunity to provide more detail on the team for those suppliers who are shortlisted.
7. Is/are there any incumbent supplier/suppliers who undertook the discovery work? If so, who are they?
There is no incumbent supplier. This is being treated as a new phase of work.
8. How many councils are in scope for this project? And who are they?
There are 350 in total in England, of which 339 are principal councils and are the primary focus for this work.

Where appropriate we will look to make guidance and any other reusable assets available to them all.

We have identified approximately 160 councils so far that may benefit from support. Once the work commences we expect to identify common issues or requirements that will reduce the effort required with later councils.

We are not able to disclose the councils, but they are all in England.
9. Are you looking for the supplier to work with one council at a time or multiple?
It should be possible to work with multiple councils.
10. Is there an incumbent supplier?
As previously stated, there is no incumbent supplier. This is being treated as a new phase of work.
11. How many councils do you anticipate the project working with over the 6-month contract duration?
As previously stated, there are 350 in total in England, of which 339 are principal councils and are the primary focus for this work.
12. Are you open to two companies partnering for a solution?
Yes, this is an acceptable approach provided one of the partners acts as the lead contractor.
13. Can you clarify that this opportunity is seeking a team to deliver against all 5 recommendations of the discovery report or is it just the technical remediation elements.
1. Cyber Health Framework
2. Cyber Roles
3. Peer Support
4. Training and Support
5. Technical Remediation
This opportunity covers just the technical remediation.
14. Can you please detail the locations of the councils?
We are not able to disclose the locations, but they are all in England
15. Your first question is about meeting the skill requirement based on the anticipated composition of the team but you don't specify in the details of the opportunity what you expect the composition of the team to be. Please can you provide this information in order to allow us to adequately respond?
We’re looking for suppliers to propose what they think is the best team composition to provide the skills they believe are needed to deliver the outcome.
16. On the 3rd question, are you looking for evidence of implementation of those active cyber defence tools that are only available to public sector organisations?
We are looking for evidence of use and/or implementation of those tools.
17. Please define what your interpretation of “Experience of 'working in the open'” is to assist us in providing the most suitable evidence.
In support of the Government Design Principle to “make things open, it makes things better” - - we expect suppliers to work as openly as possible. This may be through open backlogs, writing blogs, regular show and tells (that may be open to users / external participants) and making any products open e.g. publishing on GitHub or on a website.
18. To aid our understanding of the scope of work please would you clarify:
(a) your requirements regarding the creation of tools (e.g. scripts); and
(b) where any scripts are created are these expected or intended to be generic or tailored to the specific situations and needs of individual councils.
There is an expectation common, recurring issues will be found. There may be opportunities to develop artefacts such as PowerShell scripts that either assist with identification of the issue and/or correcting it.

Where appropriate, we would expect these scripts to be parametrised so they can be published and easily reused by the team but are also available once this phase of work is complete.