This opportunity is closed for applications

The deadline was Friday 22 January 2021
Ministry of Justice

HMPPS: Managed Services

16 Incomplete applications

11 SME, 5 large

32 Completed applications

16 SME, 16 large

Important dates

Friday 8 January 2021
Deadline for asking questions
Friday 15 January 2021 at 11:59pm GMT
Closing date for applications
Friday 22 January 2021 at 11:59pm GMT


Summary of the work
The MoJ seek a managed service provider to help develop three programs for the prison and probation service. A supplier team will work alongside civil servants and other contractors in HMPPS Digital. We anticipate that this discovery will develop web-based solutions to be used by prisoners and prison staff.
Latest start date
Monday 15 March 2021
Expected contract length
Organisation the work is for
Ministry of Justice
Budget range
The total budget for this contract is circa £3 million

About the work

Why the work is being done
HMPPS Digital, part of MOJ Digital and Technology has committed to replacing the National Offender Management Information System (NOMIS) system by 2025. The NOMIS system is the principle information database for offender management in HMPPS public prisons and is one of several monolithic legacy systems in HMPPS Digital.
HMPPS Digital intend to exit from existing legacy systems by 2025 as part of a strategy to transform the prison and probation services to be more effective at reducing re-offending and increasing work efficiency across the departments. This is a complex challenge and there are multiple legacy systems which Prison and Probation rely on to run existing processes and move data.
The MoJ is seeking a managed service provider to design, build and test three new programs to replace current functionality within Nomis.
The successful provider will work with the MoJ and end users for up to 24 months to handle transition from the legacy system into the live environment.
Problem to be solved
The replacement of NOMIS will realise MoJ's ambition to improve the operational capabilities across the Prison and Probabation service. We are focused on the development and roll-out of three core programs; 'Calculate A Sentence', 'Create and Manage A License' and 'Prisoner Transactional Services'.
The appointment of a managed service solution provider will enable HMPPS Digital to identify the scope and form the new programs will take. The service provider will deliver Discovery work, and if agreed, the Alpha and private Beta phases of the project.
The key priorities are;
1. Discovery phase – to capture and document current requirements including User, Technical, Business and identify appropriate KPI’s and SLA’s. Make recommendations regarding best practice and emerging statutory requirements and/or technologies.
2. Alpha phase – to design and develop three prototype programs which will be tested by a small group of users and feedback assessed.
3. Beta phase – to further develop the program against the demands of the live environment, assessing scalability.
4. Review the outcomes from the testing phases to continually improve the live service.
Who the users are and what they need to do
Users for all three programs will be staff working inside the prison and probation service, as well as the prisoners themselves.
The MoJ is seeking to improve accuracy in the system to facilitate the processing of prisoners. We also seek to improve methods of communication for prisoners to keep in touch with legal counsel, family and friends.
Early market engagement
Any work that’s already been done
Existing team
The supplier will be working with MoJ stakeholders across the prison and probation organisation, including Service Owners and Product Managers in the Discovery phase, as well as prison and probation officers and prisoners in the alpha and beta testing phases.
Current phase
Not started

Work setup

Address where the work will take place
10 South Colonnade, Canary Wharf, London E14
Working arrangements
Most work will be completed remotely i.e. homeworking, however there is a requirement to work with civil servants across various sites to develop and test programs in the live environment. This includes prisons.
Security clearance
The successful provider will ideally have SC clearance or will require SC clearance to complete the contract.

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • In-depth understanding and experience of presenting clear, compelling, evidence-based recommendations for change based on primary and secondary research.
  • In-depth understanding of user-centred research, and associated methods, tools and techniques that support these.
  • Experience of leading discovery research and analysis in an agile delivery environment, and ability to apply agile methodologies to their work, including service assessment.
  • Ability to communicate with stakeholders clearly and regularly, being an advocate for user needs and GDS principles, standards and working practices.
  • Ability to conduct interviews with stakeholders to understand their needs and motivations.
  • Experience conducting primary and secondary research, in-depth analysis of data, and clear and concise reporting on findings.
Nice-to-have skills and experience
  • Experience in managing a discovery project; identifying digital roadmap for transition out of legacy programs and successful alpha and beta testing to live.
  • •Knowledge of technological standards, including: any technological requirements necessary for pilots to align with Government Digital Standards; appropriate security and safety requirements for pilots to comply with HMPPS and MoJ.
  • Experience with the prison environment.
  • NCSC Cyber Essentials
  • (if work progresses beyond alpha, Node and Java development capability)
  • Familiarity with ISO27001
  • All people will require SC clearance

How suppliers will be evaluated

All suppliers will be asked to provide a written proposal.

How many suppliers to evaluate
Proposal criteria
  • •Explain how your approach and methodology will deliver a successful discovery project for transition out of the NOMIS legacy system.
  • Detail your working approach to developing system change while working alongside a variety of stakeholders.
  • Explain how the approach meets MoJ's policies and goals.
  • Provide a project plan of what your team intend to deliver during the Discovery phase (8 weeks), Alpha phase (6-8 weeks) and Private beta phase (5 months)
  • •Provide an example team structure for delivering each stage of this work. Provide an accompanying SFIA rate card for each team member, and Definitions criteria for each SFIA rating.
  • •Demonstrate how your solution will deliver value for money.
  • •Please provide a Statement of Work for the first 8-week discovery period
Cultural fit criteria
  • Work collaboratively with HMPPS Digital and staff in prisons and probation.
  • Demonstrate leadership in presenting innovate solutions.
  • Ability to work with a mixed ability group of stakeholders.
  • Help MoJ to understand future landscape.
  • Avoid 'group think' decision-making.
Payment approach
Capped time and materials
Additional assessment methods
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. Can you please advise the timelines of this procurement (e.g. shortlisted companies notified, anticipated contract award)? Also, can you confirm if shortlisted suppliers will have the opportunity to present?
We would expect the contract to mobilise around mid-March. More information around timelines can be found here: Shortlisted suppliers will be asked to present.
2. Who from your team will be scoring applications for this opportunity and what positions do they hold?
The evaluation of this contract will be assessed by the service owners and programme managers incumbent on NOMIS, alongside technical and product management team members.
3. Please can we double-check whether all team members will require SC clearance, or is it only those team members with access to live production data?
Will HMPPS support the SC clearance process for team members requiring clearance?
Are team members requiring SC clearance able to start work once the clearance process is underway and pending their clearance being granted (this is the case on other of our government engagements requiring clearance)?
SC clearance is managed by a third-party and not the MoJ directly so we do not support any applications. It is the responsibility of the supplier to ensure that its staff are cleared to the required level to complete the workstreams required. Sensitivity around data may dictate whether SC or BPSS clearance is required but the expectation is that only cleared staff can undertake the core work.
4. What legacy systems are you currently operating on?
NOMIS Databases:

Oracle Database 11g Enterprise Edition (GIPSU Apr 2020)
Grid Infrastructure + Database + Oracle Streams (used for replication) + Data guard

NOMIS application:

Oracle Weblogic 10.3.6
Oracle Forms and Reports 11gR2
Java version 1.6.0_43
For Nomis application to work on client machine it needs - Internet Explorer 8 or Internet explorer 11 & Java version 1.60_43
5. Can you buyer provide more detail on the technology already implemented.
Answered in Q.4
6. How compliant is the current National Offender Management Information System (NOMIS) to the current Government Digital Standards?
It is not compliant.
7. Is the buyer able to give an indication of how the budget will be split across the Discovery, Alpha, Beta, Live phases.
No. Further information regarding the timeframes for work delivery can be found here
8. What are the other key legacy systems that NOMIS integrates with?
Integrations are with business objects universe for reporting and downstream processes. There are numerous application and systems that take extracts from NOMIS and feed onwards. Functionality exists to extract data via triggers and queues to push data into other system such as OASYS, The new digital services now trap events in the NOMIS database and fire pub/sub messages for any interested service which need to know about changes to a prisoners situation. For example when prisoners are moved or released systems like Delius will be automatically informed.
9. What access, if any, will there be to Prison Officers, Probation Officers and Prisoners in the Discovery phase?
There will be some access governed by operational requirements and COVID restrictions.
10. Are Private Prisons excluded from this? Do any of them use NOMIS?
Yes, private prisons are excluded. Yes, private prisons use some NOMIS functionality.
11. How many MOJ stakeholders will be available during the Discovery phase?
The authority will be providing limited resources in support of this piece of work. However, it is imperative to state that the delivery of workstreams, agreed upon with the successful supplier, are the responsibility of the Managed Service to deliver.
12. Do you already have a panel of users (staff and prisoners) with which the winning supplier can conduct user research in Discovery and beyond?
Not currently however we would work collaboratively to build a comprehensive team to assist in the Discovery.
13. Will you provide the winning supplier staff / subcontractors with HMPPS equipment with which to undertake the work e.g. for security reasons or do you require the winning supplier’s staff / subcontractors to provide this? If the later, do you require that equipment conforms to Cyber Essentials Plus?
Laptops may be provided subject to availability.
14. Can you elaborate more on the nice to have criteria: “appropriate security and safety requirements for pilots to comply with HMPPS and MoJ.” – have these requirements been published in the public domain so we can refer to them when answering?
Appropriate security guidelines will be complete at point of contract commencement.
15. In the Nice to have criteria, “Familiarity with Prison environment” are you talking about an understanding of how the prison system and prisons work or particularly thinking about familiarity with the IT environment in prisons?
Both, as all cover the contract aims and outcomes.
16. In the Nice to have criteria “Familiarity with ISO27001 – are you looking for any specific aspects of that standard? – can you advise how you will mark a response as ‘exceeds’ for this criteria?
Bidders should indicate if they have achieved compliance, or if they have any relevant knowledge of the standard and can evidence.
17. In the Nice to have criteria, for “All people will require SC clearance” – are you looking for evidence from previous work of our ability to supply SC-cleared individuals?
Answered in Q3
18. Will HMPPS support the application for SC clearance on behalf of our consultants? Are consultants able to start work once the clearance application has been made, but pending their formal clearance? Do all consultants need SC clearance or only those with access to production data/systems?
Answered in Q3
19. Do you have any plans or constraints around reusing technology solutions across different elements of your new services? How much thinking have you done and what types of things have been decided about the new architecture you want to move to?
No, as long as all IP is retained by MoJ, all code is made available in our public code repository, matches our approved technical stack and adheres to our coding standards and GDS.
20. Can you give some more clarity on the types of tasks that you expect prisoners will need to use the service for?
Initial plans are centered around email transactions to probabtion, legal services and friends/family. Any other communication devices etc will be agreed with the successful supplier before contract commencement.
21. Are all three programmes to commence in parallel?
Yes. All three projects will run concurrently.
22. "‘Calculate A Sentence’, ‘Create and Manage A License’ and ‘Prisoner Transactional Services’:
Are there appropriate production quality systems of record already in place to support these programmes?
If so, are those systems API-enabled and accessible?"
The driver for this work is to replace the legacy systems there will be a need to develop new data stores rather than writing back to the existing systems of record
23. Could you please advise what is required to demonstrate in our answers for “(if work progresses beyond alpha, Node and Java development capability)”?
Suppliers should refer to staff's previous commercial experience which evidences ability to use Java and node, as reflected in the rate card.
24. Across each of the three core programs mentioned in the notice, is the intention to run 3 separate discovery activities to elicit next steps or run a single discovery accounting for all 3?
The projects are not interdependent, therefore the solutions which fall out of discovery will differ for each. Where the supplier can identify synergies across all three systems this must be included as part of the discovery to inform and improve the functionality of all the programmes which sit in the prison estate.
25. Can you please confirm what team roles you anticipate being provided by the supplier and by the client?
We would expect the bidder to identify the resources they believe are needed to complete the outputs. Given the nature of the project it is anticipated that the following skillsets and expertise might be required during this programme;
Product ownership, Delivery Management, User researcher, Service design, Technical Architecture, Business Analysis. More information
26. Has MOJ Digital and Technology or HMPPS Digital had any assistance from external providers to date in relation to the NOMIS replacement and are there any incumbents currently working on the programme? If so, have ethical walls been put in place?
Yes, Syscon currently provide a managed service on NOMIS.
27. You mention that the supplier team will work alongside civil servants and other contractors in HMPPS Digital. Can you provide further detail on the respective roles & responsibilities of the civil servants, contractors and the supplier of the managed service.
Q.11 and Q.25 provide information.
28. Can you clarify the term “build” please. Is it to manage the design through the build phases or is the supplier also expected to undertake core service build including delivery infrastructure?
The objective of this contract is to identify the technical architecture of the new services, design the build phases, test the services and conclude findings. There is no scope for the supplier to expand to undertake wider delivery of the services or embed into the infrastructure long term.
29. We note the requirement for team members to have SC clearance. In order to maximise value for money at the Alpha/Private beta phase – would you consider a team structure whereby all of our staff who are dealing with requirements and engaging with live systems have SC clearance but we use some off-shore development capability? These off-shore staff will be unable to meet the requirements of SC.
Answered in Q3.
30. Can the MOJ confirm whether this £3m opportunity is for the NOMIS Discovery work, or for the Discovery, Alpha, and Beta work. The DOS page refers to all of these phases, but also includes reference to the supplier delivering the Discovery work and then only delivering the Alpha and Beta work if agreed, presumably between the supplier and the MOJ
This contract is for discovery work through to private beta for each workstream. More information can be found
31. Hi there – very grateful if you can confirm whether any of the nice to have criteria are expected to be y/n binary responses. Thanks very much.
No. Please refer to supplier instructions in the Digital Marketplace
32. Does the MOJ have an incumbent supplier delivering discovery or development work associated with the NOMIS system?
No this is the start of a managed service provider reshaping three core projects transitioning from NOMIS.
33. Do you have any exisiting process documentation work completed (is there any other supplier in there?)
34. Can the solution be fully cloud based?
No. There will still be reliance on legacy databases for an unspecified amount of time.
35. Are there any on-premises requirements?
Given the need to liaise with civil servants and prison staff, there is an on-premises requirement however the contract will be remote inline with national lockdown requirements until such time as these are lifted.
36. What are the specific requirements for ISO27001?
MoJ will define our specific security requirements to the successful supplier before contract commencement.
37. Is there any expected Migration of Data?
38. Will there be dedicated resource assigned to the project within the MoJ?
Answered Q.11
39. Are there any other specific compliance requirements we need to satisfy?
40. Is there any expectation of integration with exisiting or legacy services?
Answered Q.24
41. For Nice-to-have skills “NCSC Cyber Essentials”, are you looking for a case-single study based response or can we talk about our broader capability/experience around NCSC Cyber Essentials?
Provide evidence of your capability around NCSC Cyber Essentials.
42. For nice-to-have skill “Familiarity with ISO27001”, are you looking for a single case study based response or can we respond with our broader experience talking about our familiarity with ISO27001?
Provide evidence of any compliance to ISO27001 on a previous project if possible.
43. The description of the opportunity indicates a budget of £3m for the work.  Please can you confirm if this budget covers Discovery, Alpha and Private Beta for the 3 programmes being replaced or just the Discovery phase work?
The budget refers to all three phases. More information here
44. Please can you provide more detail on the architectural landscape that the three new programmes will exist within highlighting e.g integrations with legacy systems, data types and sources?
We can provide more detail to shortlisted suppliers in the DOS process.