Provision of ADS Develop as a Service
6 Incomplete applications
4 SME, 2 large
5 Completed applications
1 SME, 4 large
- Tuesday 3 November 2020
- Deadline for asking questions
- Tuesday 10 November 2020 at 11:59pm GMT
- Closing date for applications
- Tuesday 17 November 2020 at 11:59pm GMT
- Summary of the work
Army Digital Services undertakes software application development to meet the needs of the Army and wider Defence partners. There is a requirement for development outcomes to be delivered through specialist technical resource for existing and new applications.
Cyber Risk Assessment Reference is RAR-CMSA77V2 (Moderate)
- Latest start date
- Monday 1 March 2021
- Expected contract length
- 2 Years with an Option to extend for a period of upto 6 Months
- South East England
- Organisation the work is for
- Army Digital Services, Army HQ
- Budget range
- The Authority will not be releasing the Budget for the Core requirement as we want to ensure VFM is achieved via competition. Please note there will be a non-guaranteed Limit of Liability of c£22M for additional requirements throughout the duration of the resulting Contract based on approved BCs. These additional requirements will be through an agreed Tasking Order Form.
About the work
- Why the work is being done
- The ADS DaaS will provide a cost effective, flexible and scalable development service that can meet the demands of the Army’s application development ambition which is delivered by ADS. This is in order to support and deliver enhancements to the existing application services and also meet new requirements by providing specialist technical development resources.
- Problem to be solved
DaaS will be responsible for the provision of outcomes consistent with the full DevSecOps cycle for the delivery of software applications. This is inclusive of, but not limited to:
• Business Analysis outputs. Including Discovery and outcomes in support of Agile project teams throughout development.
• Software development outputs, with particular emphasis on Oracle APEX and .Net.
• Test/Quality Assurance outputs, with particular emphasis on Oracle APEX and .Net.
• Scrum Masters and other Agile projects roles.
IF YOU REQUIRE A COPY OF THE STATEMENT OF REQUIREMENT PLEASE E-MAIL: Toni.Prince177@mod.gov.uk
To Note: The Technical Evaluation (70%) will be divided as follows:
- EOI - 5%
- Technical - 42%
- Case Studies - 6%
- References - 2%
- Presentations - 15%
- Who the users are and what they need to do
- As a Software House ADS needs to secure technical outcomes from specialist resource in order to continue to deliver applications and services to the Army business areas.
- Early market engagement
- Any work that’s already been done
- Existing team
- The existing DaaS teams consists of around 80 Business Analysts, Developers, Testers, Scrum Masters and Delivery Managers. These resources operate within the ADS framework which is a multi-vendor environment with enabling support provided by military personnel and crown servants.
- Current phase
- Address where the work will take place
- Army Headquarters, Andover, SP11 8HT
- Working arrangements
The supplier will deliver in line with ADS direction and in accordance with the ADS operating model, policies and standards. ADS uses Azure to provide a remote development capability. Once code is ready for deployment it is brought onto ADS on-premise cloud dev/test environments, to be deployed through the DevSecOps pipeline onto the Army Hosting Environment via system integration/security testing/pre-production.
Expenses are to be in accordance with MOD Statement of Business Travel Guide. Costs will not be paid to and from the normal place of work.
- Security clearance
- All teams members will require security clearance. The minimum acceptable level is BPSS. On a case-by-case basis some resource will require SC.
- Additional terms and conditions
- DEFCON 5J (Edn 18/11/16) Unique Identifiers, DEFCON 76 (Edn 12/06) Contractors on site, DEFCON 129J (Edn 18/11/16) Electronic business Delivery Form, DEFCON 513 (Edn 11/16) Value Added Tax, DEFCON 516 (Edn 04/12) Equality, DEFCON 518 (Edn 02/17) Transfer, DEFCON 531 (Edn 11/14) Disclosure of Information, DEFCON 534 (Edn 06/17) Subcontracting/Prompt Payment, DEFCON 537 (Edn 06/02) Rights of Third Parties, DEFCON 550 (Edn 02/14) Child Labour/Employment Law, DEFCON 566 (Edn 10/20) Change of control of contractor, DEFCON 642 (Edn 06/14) Progress meetings, DEFCON 658 (Edn 10/17) Cyber, DEFCON 694 (Edn 07/18) Accounting for Property of the Authority.
Skills and experience
Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.
- Essential skills and experience
- Demonstrable experience within the last 3-years of delivering multiple, concurrent and complete Agile delivery-teams comprising Scrum Masters, Testers, Developers and Business Analysts, to meet business requirements. (0.25%)
- Demonstrable experience of delivering services into an Agile/DevSecOps organisation. Working within SCRUM/Kanban frameworks within multi-skilled development teams capable of contributing to the team beyond development. (0.25%)
- Demonstrable experience within last 3 years of delivering SFIA level 5 (or higher) development resources with a minimum of 5 years’ recent experience in Oracle APEX outputs. (0.25%)
- Demonstrable experience of delivering SFIA level 5 (or higher) development resources with a minimum of 5 years commercial experience with Microsoft .Net and frameworks such as React. (0.25%)
- Demonstrable experience within last 3 years of delivering SFIA level 4 (or higher) Manual and Automated Test resources, using Selenium and Cypress based testing frameworks. (0.25%)
- Demonstrable experience within last 3 years of delivering SFIA level 5 (or higher) Scrum Master, Business Analyst and Delivery Manager resource. (0.25%)
- Demonstrable experience in SQL Server, SSRS/Power BI. (0.25%)
- Demonstrable experience in PL/SQL, Oracle Database 11g/12c, BI Publisher and WebLogic server, Oracle RESTful Data Services (ORDS), ApexSec Security Console. (0.25%)
- Demonstrable experience of providing DevSecOps expertise to build and manage applications using container technologies and application security tools. (0.25%)
- Demonstrable expertise in automated unit testing using tools and frameworks including utPLSQL version 3, SQL Developer, MSTest, NUnit and XUnit. (0.25%)
- Demonstrable experience with last 3 years of successfully integrating systems via APIs, including on-premise and other cloud-based services, including Azure and Amazon AWS. (0.25%)
- Demonstrable experience within last 3 years of building secure web applications that manage personal/sensitive data in-line with sector security/compliance regulations (eg, JSP 440 for the MoD sector). (0.25%)
- Demonstrable experience in developing RESTful web services across different technologies and securing those services via OAuth2. (0.25%)
- Demonstrable experience using Static Code scanning tools to diagnose security issues within applications. (0.25%)
- Demonstrable experience in Windows 2012 R2/2016, 2019, Red Hat Linux 6.x and 7.x operating systems. (0.25%)
- Demonstrable experience of developing and supporting the release applications using ALM tooling including technologies such as Git, TeamCity 9.x., Confluence, Ansible, JIRA and TFS/Azure DevOps. (0.25%)
- Demonstrable experience of using Behaviour Driven Development (BDD) using tools such as Cucumber, Specflow and Test Driven Development (TDD) using tools such as XUnit and NUnit. (0.25%)
- Demonstrable experience within last 3 years of delivering applications and services exploiting some of the following - cloud services, low code such as MS PowerApps, Flow and Dynamics. (0.25%)
- Nice-to-have skills and experience
- Experience of working within Government Digital Services (GDS) standards. (0.25%)
- Demonstrable experience within last 3 years’ experience of providing SFIA level 4 to 6 developers for some of these development technologies Java, Go, Python and Node JS. (0.25%)
How suppliers will be evaluated
All suppliers will be asked to provide a written proposal.
- How many suppliers to evaluate
- Proposal criteria
- Provide a summary of ADS’ requirement and your proposed solution. (6.00%)
- Explain how you’ll meet ADS’s requirement. How this approach/methodology will meet ADS’ policy goals/user needs. What you’ll deliver, how it will continue to be managed to ensure ongoing quality. (8.00%)
- Describe the approach for transition and commencement of service. (4.00%)
- Provide evidence of skills and experience of the team who will be doing the work and how these will meet ADS’ essential and desirable requirements. (5.00%)
- Provide the team structure, roles and responsibilities and explain how this will integrate within ADS and maintain continuous development activity. (4.00%)
- Explain your ability to mobilise the team resources and scale up or down quickly. (3.00%)
- Explain how you plan to retain key resources/skills for the duration of the contract and your approach to maintaining service continuity. (1.00%)
- Explain how you will ensure quality and consistency whilst maintaining flexibility for ADS to meet evolving business requirements. (3.00%)
- Explain how the proposal will optimise costs and generate efficiencies, including minimising transition costs between the current team and the new supplier. (3.00%)
- Provide any KPIs and SLAs that you would be prepared to commit to for this contract. (2.00%)
- Describe any risks and dependencies associated with your proposal and how you will manage them. (1.00%)
- Describe your exit plan for the transition to an alternative supplier at the end of the contract. (2.00%)
- Cultural fit criteria
- Evidence your success in working with a product owner to derive requirements. (1.00%)
- Evidence your commitment to an open and collaborative working relationship at all levels with a no blame culture embraced. (1.00%)
- Evidence your commitment to working collaboratively within a multi-vendor delivery environment with effective communication and co-ordination across stakeholders. (2.00%)
- Explain your plan to add value to ADS through the use of innovation and continuous improvement. (1.00%)
- Payment approach
- Capped time and materials
- Additional assessment methods
- Case study
- Evaluation weighting
Questions asked by suppliers
- 1. Can the authority please confirm the IR35 status of any resource supplied under this engagement?
- Deliverables will be outcome based with the detail of the outcomes clearly specified in the Contract & Monthly Statement of Work (SoW). Suppliers will tell workers what is required of them to deliver the Contract/Monthly SOW and each individual will be under the day to day direction and control of the supplier. The Supplier will be held accountable for non-delivery of the requirements. The Authority does not care who the supplier sends to perform the work/delivery of service providing they are appropriately Suitably Qualified as detailed within the SOR. In view of this, IR35 does not apply
- 2. Can the Authority confirm if there is an incumbent supplier for this service and, if so, the name of the supplier?
- I can confirm the current supplier providing the outputs for the ADS DaaS requirement is Monitor IS.
- 3. Can the Authority confirm if there is an incumbent supplier for this service and, if so, the name of the supplier?
- As per clarification No 2.
- 4. We have the breadth of skills to deliver the services required and have the track record / reference ability from working with the MOD. We also supplier services to the MOD via some large SI's to the MOD for 10+ years. My concern is that you have a number of incumbent suppliers that will be better placed to become your single supplier. To help us decide to bid, what information will you provide us to help ensure this is an equal competition between incumbent and new suppliers?
- The Authority can confirm a fair and open competition will be held throughout. Ensuring VfM and EU Regulations are adhered to. All interested parties will receive the same information. There will be x2 SME evaluators within ADS and an independent evaluator with the appropriate SQEP to carry out the technical evaluations thus ensuring a fair and transparent evaluation. A Joint Evaluation Board will convene once the individual evaluations are carried out where a consensus score/comments will be agreed. This will also apply to those successful at EOI stage for the written proposal stage along with a separate commercial evaluation .
- 5. Will TUPE be a part of this contract
- Nothing in the current Call-Off Contract or the provision of the Services is expected to give rise to a transfer of employment to which the Employment Regulations apply.
6. We note in the Statement of Requirement that the Authority states: "It would not acceptable that this requirement is satisfied by off-shore resources routinely working outside the UK".
Please can the Authority clarify the definition of “routinely” here? Does this mean that any working outside the UK is prohibited entirely or that non-routine working is permissible?
Would non-routine working outside the UK (e.g. 4 days out of 5) be acceptable? This would allow for example a majority off-shored service provision from India or elsewhere.
- In the context of the SOR ‘routine’ means ‘normal practice’. Notwithstanding the current COVID imposed restrictions, all teams, and members thereof, would be expected to work collaboratively in Andover for regular and frequent periods over the life of the contract. A team based permanently overseas would not be acceptable to the authority for reasons given in the SOR.
- 7. We note that the Statement of Requirement states that "the current provision is split across two separate suppliers". However, we also note a previous answer to a clarification question which indicates that there is only one incumbent supplier. Please could the Authority clarify?
- I can confirm the current supplier providing the outputs for the ADS DaaS requirement is Monitor IS as mentioned at clarification No 2. I can also confirm Field Army command currently have a Contract with NetCompany. The Field Army command element does not form the core ADS requirement at this stage, however, may form part of the non-guaranteed Limit of Liability element by use of Tasking Order Forms. This is detailed in para 45 of the SOR.
- 8. Looking at the statement of requirements, it seems that the outcomes you are seeking as laid out in Para 45 are, “… the provision of resources to deliver the ADS DaaS requirement.” What are the key differences between this contract and a resource augmentation contract?
- The Authority is unable to offer a comparison between this requirement and a hypothetical alternative contract. However, the Authority's full requirement is articulated in the SOR.
- 9. Even in a complex environment like this, we would expect to see a team led by a SFIA 5 with SFIA 4 developers. Can you confirm why the authority considers SFIA 5 to be a “minimum” level when the SFIA website describes the difference of a SFIA 5 resource being substantially involvement in “the allocation of tasks/responsibilities to others”?
- As explained through the SOR, particularly para 44, the characteristics of the ADS environment are of small autonomous and self-organised discrete teams operating in a complex and highly integrated environment. Experience has shown that to reduce risk of delivery shortfalls to an acceptable level and maintain performance the given minimum SFIA levels are necessary. This also provides mechanism for like-for-like comparison of charging rates between suppliers. There is the opportunity for suppliers to provide additional rates for other (lower) levels associated with roles where it feels that these may be of use to the authority at some future stage.
- 10. In the SoR, you state that, “Where requested the supplier would be expected to justify SFIA levels.” Can you confirm what the process for this justification will be (for example will the authority be reviewing CVs prior to deployment) and what will happen in the event of dispute over suitability of team members between supplier and the authority?
- As described in para 46 of the SOR the Authority reserves the right to require evidence to justify the suitability of resources against the roles they are engaged in. This may be exercised routinely before on-boarding or alternatively when there are concerns raised about suitability at any stage. A CV would normally satisfy the evidence criteria if it detailed the areas mentioned in para 46. The authority would not be prepared to on-board or retain any individual where it remained concerned with regards to the suitablity.
- 11. If the authority retains a right to reject team members based on SFIA levels / years of experience, what measures will they put in place to ensure that the supplier remains autonomous enough to be responsible and liable for successful delivery of outcomes rather than simply providing a pool of contingent labour?
- The SOR describes the Authority's requirement and in our view this provides a baseline upon which the successful delivery of outcomes can be delivered. The implication of the question is that resources that fall short of the requirement should be used to deliver the solution. This would not be acceptable to the Authority.
- 12. Given that SFIA have de-coupled their levels from years of experience, and that you ask for both minimum SFIA level and years of experience, can you confirm that resources will have to comply with both of these measures before they will be allowed to work on this project?
- Yes, both measures are required because it is acknowledged that a SFIA level attained in a broad multi-facated technical discipline may not in itself equate to high degree of profiiency in a specific technology that ADS requires.
- 13. Will a supplier be penalised if they don’t use “years of experience” as a selection criteria for individuals on this project?
- 14. What influence will the successful supplier have over the underlying technology choices required to deliver the outcomes?
- The advice of any supplier on such matters would be welcomed. New technology decisions are made in fora with due consideration to a range of relevant factors.
- 15. Therefore, further to an earlier clarification, can the Authority confirm which of the following scenarios (A) to (C) (posted in a separate clarification question below) would be acceptable? (We humbly request confirmation of what the Authority would *accept* rather than simply *expect*).
- N/A - Please refer to CQ 16
16. We kindly request confirmation of which of these scenarios the Authority would *accept*:
(A)Between 1 worker and the full team working 50%-to-100% of the time overseas but in Andover when required.
(B)Between 1 worker and the full team working 1%-to-49% of the time overseas but in Andover when required.
(C)All workers working entirely from the UK; and present in Andover when required.
- Scenario C would be acceptable. Scenarios A and B are unlikely to be acceptable. The implication is that these describe non-UK based teams that would be available to travel to Andover as required. The authority is not able to pre-empt what proportion of time will be required for on-site working; this will be dependent on the evolving business requirement, stage of work and role at any particular time. More to follow at CQ - 17
- 17. The Clarification is the same as CQ 16 - however there were insufficient words remaining for the Authority to respond to and therefore the remaining response to CQ 16 is as detailed blow.
Follow on response from CQ - 16
Please note that there are complicating additional factors associated with: the award of security clearance to non-UK nationals and/or those individuals who reside overseas; the carriage of MoD equipments overseas; and the access to MoD networks from certain geographic locations. The Authority would need to consider and approve applications for any overseas working on a case-by-case basis with full details provided. Additionally, MoD policy and security regulations may change during the life of the contract.