Awarded to COMXPS Limited

Start date: Monday 23 November 2020
Value: £270,666
Company size: SME
Ministry of Defence - Defence Digital

CCT939 Security Assurance and Supply Chain Security specialist support

9 Incomplete applications

9 SME, 0 large

15 Completed applications

14 SME, 1 large

Important dates

Published
Monday 21 September 2020
Deadline for asking questions
Wednesday 23 September 2020 at 11:59pm GMT
Closing date for applications
Monday 28 September 2020 at 11:59pm GMT

Overview

Specialist role
Delivery manager
Summary of the work
Security Assurance co-ordination and supply chain security specialist support for the delivery of the Defence Networks Resilience (DNR) project Assessment Phase (AP) and produce the artefacts needed to achieve Full Business Case approval by June 2022
Latest start date
Monday 2 November 2020
Expected contract length
2 Years
Location
South West England
Organisation the work is for
Ministry of Defence - Defence Digital
Maximum day rate

About the work

Early market engagement
Who the specialist will work with
Civilian, Military and contractors within the MOD and wider Defence industry.
What the specialist will work on
1. Assessing the security of a supply chain (including the tools, people, processes and facilities of suppliers and their sub-contractors).
2. Site security inspections.
3. SAC (project security documentation [including the Risk Managed Accreditation Documentation Set] production).

Work setup

Address where the work will take place
Defence Digital, Building 405, Westwells Road, MOD Corsham, Corsham, Wiltshire SN13 9NR
Working arrangements
Flexible. All tasking will take place from MOD Corsham. You will be required to attend on-site at Corsham. Additionally, you will be required to attend meetings with potential suppliers at their premises. Travel and subsistence will be provided for travel between MOD Corsham and suppliers' premises working at MOD Civilian Rates.
Security clearance
Sole UK national – not dual national
Due to short timescales, DV Clearance must be in place prior to contract starting and for the duration, due to the projects the individual is required to work with.
Role is outside of IR35.
Cyber Risk Assessment RAR-9C8S5USK

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Be experienced at delivering Top Secret UK Eyes Only Code Word (TS UKEO CW) level project
  • Knowledge of Assessing and advising on Supply chain security for High security and high integrity networks including: Contractor’s people, processes and facilities and Sub-contract and extended supply chain security
  • Knowledge of MOD physical security requirements for assets and systems up to TS CW UKEO, assessing sites’ suitability
  • Experience of RMADS production or review for large scale defence high security networks
Nice-to-have skills and experience
Provide security advice for substantial “Assessment Phase” high security defence projects

How suppliers will be evaluated

All suppliers will be asked to provide a work history.

How many specialists to evaluate
3
Cultural fit criteria
  • have experience of working within defence and military environment
  • have experience of collaborative working with commercial partners
  • have a flexible, transparent and collaborative approach when making decisions (
  • have a no-blame culture and encourage people to learn from their mistakes
Additional assessment methods
Evaluation weighting

Technical competence

75%

Cultural fit

5%

Price

20%

Questions asked by suppliers

1. Is there a current incumbent?
Is there is no current incumbent.
2. Please could you advise on the maximum daily rate for this position?
The overall budget for this task has been set at £650K excluding VAT, but as, at times in the contract, due to organisations approaches to providing different skill sets or workload there may be more than one person working on the task it is not possible to provide a daily rate.
3. Please can you confirm whether there is an incumbent for this role. If so, please can confirm their previous level of involvement.
There is no current incumbent.
4. Can the Authority confirm the Cyber Risk Profile associated with Cyber Risk Assessment RAR-9C8S5USK?
The Cyber Risk Assessment Profile returns as "N/A" as information will be processed on Authority IT at the appropriate classification.
5. Work arrangements say flexible but must attend site at Corsham. How many days per week would you expect someone to be on-site at Corsham?
Attendance at Corsham, other MOD or supplier sites, is as required to achieve the task and is at the discretion of the organisation carrying out the task. Attendance at Corsham may be required in person for discussion due to the information classification or access to certain IT systems.
6. Could the programme be supported with 3 days on site (Corsham) or does it require the Contractor to be based there 5 days per week?
Attendance at Corsham, other MOD or supplier sites, is as required to achieve the task and is at the discretion of the organisation carrying out the task. Attendance at Corsham may be required in person for discussion due to the information classification or access to certain IT systems.
7. Is there a current incumbent and also what level of attendance is required at Corsham or can an associate work largely remotely please?
There is no current incumbent.

Attendance at Corsham, or other MOD or supplier sites is as required to achieve the task and is at the discression of the organisation carrying out the task. Attendance at Corsham may be required in person for discussion due to the information classification or access to certain IT systems.
8. What is the customer budget for this task / Is there a maximum day rate associated with this task?
The overall budget for this task has been set at £650K excluding VAT, but as, at times in the contract, due to organisations approaches to providing different skill sets or workload there may be more than one person working on the task it is not possible to provide a daily rate.
9. Working arrangements are shown as 'flexible'. Without commitment, can you please give an assessment of the scale of effort – how many days per week or month spent on the project? What proportion of time spent on-site on Corsham?
Attendance at Corsham, or other MOD or supplier sites, is as required to achieve the task and is at the discression of the organisation carrying out the task. Attendance at Corsham may be required in person for discussion due to the information classification or access to certain IT systems.
10. Is there an indicative day rate or budget range for this project?
The overall budget for this task has been set at £650K excluding VAT, but as at times in the contract, due to organisations approaches to providing different skill sets or workload, there may be more than one person working on the task it is not possible to provide a daily rate.
11. Can you please confirm that the RAR code is correct, as the code provided isn't being accepted on the Assessment Portal
The Cyber Risk Assessment Profile returns as "N/A" as information will be processed on Authority IT at the appropriate classification.
12. Please can you advise what the maximum day rate is, for this opportunity?
The overall budget for this task has been set at £650K excluding VAT, but as, at times in the contract, due to organisations approaches to providing different skill sets or workload there may be more than one person working on the task it is not possible to provide a daily rate.
13. What is the overall budget for this project?
The overall budget for this task has been set at £650K excluding VAT, but as, at times in the contract, due to organisations approaches to providing different skill sets or workload there may be more than one person working on the task it is not possible to provide a daily rate.
14. Could the Authority please confirm whether there is an incumbent in this role?
There is no incumbent.