Awarded to People Source Consulting Ltd

Start date: Tuesday 1 June 2021
Value: £695,750
Company size: SME
Defence Digital Strategic Command

CCT 999 - ASSURANCE RESOURCE TO BASE SERVICES (MODNET BASE/IUS/EVOLVE) UK AND OVERSEAS PROGRAMMES

8 Incomplete applications

5 SME, 3 large

10 Completed applications

7 SME, 3 large

Important dates

Published
Wednesday 3 March 2021
Deadline for asking questions
Wednesday 10 March 2021 at 11:59pm GMT
Closing date for applications
Wednesday 17 March 2021 at 11:59pm GMT

Overview

Off-payroll (IR35) determination
Summary of the work
Provide Security Accreditation and Assurance guidance and support to Base, Evolve and IUS Projects and the Services they deliver.
Latest start date
Tuesday 1 June 2021
Expected contract length
4 Months Initial duration (options to extend for a further 2 x 6 Months, subject to budget approval)
Location
South West England
Organisation the work is for
Defence Digital Strategic Command
Budget range
The maximum amount of approved funds is
£820,800.00 (Inc. VAT)

Breakdown for technical experts:
Base - £432,000.00 (Inc. VAT)
Evolve - £216,000.00 (Inc. VAT)
IUS - £172,800.00 (Inc. VAT)

About the work

Why the work is being done
SME Required for SMITS C4IS/OSM SERVICE MANAGEMENT TOOLING CAPABILITY.
ITSM TECHNICAL ARCHITECTURE AND COMMON INTEGRATION LAYER SME
Assignment to run from 1st June 2021 until September 2021 (4 x months initial contract)
Problem to be solved
Requirement to provide Security Accreditation & Assurance knowledge and expertise for all MODNET (Base and Evolve) and IUS services
Who the users are and what they need to do
For the tasks required, the 'users' are the Internal Authority Project Teams and our Senior stakeholders.
Early market engagement
N/A
Any work that’s already been done
Projects have already been started or are in the delivery phase and as such, the tasks are about refinement, further development and operational requirements to finalise the solution
Existing team
The Existing Team consists of the following:
Base Services – New Style of IT
Evolve
Integrated User Services
Current phase
Live

Work setup

Address where the work will take place
Defence Digital, Ministry of Defence
Base Services (MODNET)
Programme Security & Governance Team
Bldg 405 | Floorplate F2 |
MoD Corsham | Westwells Road | Corsham | SN13 9RA
Working arrangements
Under C-19 restrictions, individuals will be required to work from home 5 days a week (or as agreed with their Line Manager) in order to support Project Teams in all of their Security Accreditation & Assurance activities.
Some travel to MoD Corsham may be required which will need 1* approval and be approved by the MOD COVID Travel regulations
Security clearance
Minimum SC – with at least 1 x DV cleared member of the Team valid for Contract duration.

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Conduct Technical security reviews / approvals of Supplier and MoD Design and Test documentation for compliance with Defence Security policy. 20%
  • Working experience of JSP 604 Accreditation, a mandatory requirement under Rule 10 of JSP 604 (Network Joining Rules) enabling the NOA to issue the Authority to Operate. 15%
  • Experience of supporting delivery in a large scale IT Environment (200k+ Users) using M365 10%
  • Recent working experience and good understanding of the MOD estate (UK and Overseas), in particular Defence Digital and wider business practices in both the Official and Secret environments 10%
  • Providing recommendations to the team on the direction of key deliverables; security risks, issues identified, including raising, managing of security, risk-balance cases and other security related documentation artefacts. 10%
  • Coordinating technical security documentation in support of CyDR to achievement of accreditation. 10%
  • CISM, CISSP, ISO27001 Lead Auditor or ISO27001 Lead Implementor, 5%
Nice-to-have skills and experience
  • . Experience of Security Policy Framework (Oct 13) 5%
  • . Experience of “Security Policy Frameworks (Apr 14) mandatory risk management/information security outcomes”. MoD must deliver overarching responsibilities in information security, risk management and apply proportionate/effective protective security. 5%
  • Identification and management of security related risks to project delivery and Live Service. 5%
  • Management of security actions that arise out of Project Meetings and Security Working Groups. 5%

How suppliers will be evaluated

All suppliers will be asked to provide a written proposal.

How many suppliers to evaluate
3
Proposal criteria
  • Solution and approach to the task set out above 25%
  • Suggested plan of action/milestones for delivery 20%
  • Value added activities which further improve delivery confidence 15%
  • Risks identified with approach suggested and the solution to manage those risks 10%
  • Capacity to be flexible with Project requirements 10%
  • Team roles and structure 5%
  • Value for money/maximising investment 5%
  • Approach to managing other suppliers 5%
  • Ability to quickly draw on/source other skills sets as and when required 5%
Cultural fit criteria
Experience with working with the MOD
Payment approach
Fixed price
Additional assessment methods
  • Work history
  • Reference
Evaluation weighting

Technical competence

60%

Cultural fit

5%

Price

35%

Questions asked by suppliers

1. Is there a current incumbent or preferred supplier for this programme of work?
We are unable to provide details of any incumbent Supplier information as this is "Commercial In confidence" and as this is a competition we would not show any preference in Suppliers at any point in a competitive procurement

Also Please Note the following:
Work being done section should read as follows;
Specialist Security advice to meet assurance activities is required in order to ensure Base, Evolve and IUS projects deliver key capabilities on time and fit for purpose.
Budget figures should read Base - £432,000.00 (Inc. VAT)
Evolve - £216,000.00 (Inc. VAT)
IUS - £172,800.00 (Inc. VAT)
2. Can you please confirm who the incumbent is for these services and if this will be Outside of IR35?
This Requirement is outside IR35
3. Can the Authority please confirm the size of the current team (if applicable), and the size of the team required under this scope of work?
We recommend that you respond to the requirements in the advert and propose a team size which will meet all the requirements and deliverable's covered in the scope of work.
4. Can you indicate/confirm how the budget sums referred to align with the initial contract period of 4 months.. or are intended to cover any of the extension options referred to as well?
The values placed within the Advert are split between the three Programmes (i.e. NSoIT £432,000.00 / Evolve £172,800.00 and IUS £216,000.00) for Security Resource over a 4-month period . These costs do not include any follow on Extension options (or their associated costs)
5. As the ‘projects have already been started or are in the delivery phase’ it has to be assumed an incumbent team is in existence & delivering this capability today, is this correct? And if it is, what is the current team size & skill set per individual team member?
That is correct, there is already an Incumbent in existence which is delivering capability today.
For the second part of the question (Team size & Skill Set) Please recommend your proposed team size and SME skill's in your response for delivering the scope of work and requirements in the advert.
6. The stated approved budget is £820,800.00. Is this for the initial 4-months only or does this include the two 6 month options?
The £820,800.00 (Inc VAT) is the Budget for the initial 4-Month Contract only. The 2 x 6-month Extensions have been costed separately and are dependent upon further Cabinet Office Approval
7. As there is an incumbent currently undertaking the security taskings, how far within the project have they progressed and if continuing to work at their present level will they complete the work within project tolerances?
The progress made by the current incumbent is not of relevance and will not be of consequence to the new incumbent. That said, the work undertaken across the programmes (i.e. NSoIT and IUS) to date, is meeting the requirements of the Projects that the incumbent supports.
8. Could the Authority please provide the most up to date version of the SPF – the version available online (May 2018) is out of date?
We are awaiting a response from the Cabinet Office to confirm that the current SPF online is out of date.