NHS Test & Trace (T &T)

NHS Test & Trace Halo Platform Support Service

13 Incomplete applications

3 SME, 10 large

0 Completed applications

Important dates

Friday 30 April 2021
Deadline for asking questions
Friday 7 May 2021 at 11:59pm GMT
Closing date for applications
Friday 14 May 2021 at 11:59pm GMT


Summary of the work
Test & Trace seeks a partner to assume accountability & responsibility for delivering all activities for operational running and maintenance of Halo platform. This includes pre-defined build activity and further evolution to support the UKHSA organisation. The provider is expected to establish how the solution evolves to meet emerging demands.
Latest start date
Monday 2 August 2021
Expected contract length
24 months Maximum
Organisation the work is for
NHS Test & Trace (T &T)
Budget range
NHS Test & Trace anticipates the total cost for Halo support of up to £13m for initial 12 months based on current run rate.
The successful Supplier will be expected to scale resources up and down in accordance with the demand of the tenants using the Halo Platform based on benchmarked costs around agreed technical resources at capped SFIA levels.

About the work

Why the work is being done
Halo is a cloud-based IT platform which offers a secure, scalable, cost-controlled environment for services provided by NHS Test and Trace. It provides hosting for current and incoming applications on either AWS or Microsoft Azure alongside associated enabling services. It also provides end user facing capabilities including desktop environments, collaborative tooling, and day to day business applications. To date there are circa 40 tenants and ten thousand users on the platform. Tenants and Users can ramp up and down quickly depending on demand.
Problem to be solved
The Halo platform has undergone significant development since the start of the pandemic. This has taken place under the pressures of a national crisis and the platform continues to evolve, improve, and operate to support the wider T&T organisation.

Having delivered a capability which can support the critical operations of T&T the Halo team are looking to adjust their mode of operating. This incorporates:
• Continued support of critical Halo Platform services on the platform and wider T&T operations.
• Continuous Improvements of Halo Services, refactoring, and consolidation against existing activities to ensure this can be done in an efficient and risk-free way.
• Further evolution of the Halo Platform services to ensure it is secure and fit for purpose in the next phase of pandemic response, and to support the UK HSA organisation.
• Continued onboarding of new services and support for new demand from existing tenants.
• Managing standards, procedures and documentation in support of the Halo Platform capabilities and services.

This exercise will seek to identify the appropriate partner organisation to own and deliver this activity.
Who the users are and what they need to do
The Halo platform serves a vast number of different user types. Broadly these can be described as:

Indirect end users who make use of the applications which are enabled by Halo such as analysis tools to help establish the 'R' number, and Test and Trace applications used by the public. These users need a stable and performant platform to ensure that any and all use cases can be facilitated by Halo.

Direct end users, who make use of tools which are owned and managed by the Halo team such as collaboration tool sets. These users need a complete suite of IT tools which allow them to perform their roles in responding to the pandemic.

Application teams (tenants), including those developing and deploying tools, and those supporting end users of these applications. These users need to be able to understand how their services are operating and respond at pace to complex user demand.
Early market engagement
Any work that’s already been done
Halo platform is a standing service, initiated to support the pandemic response, and evolved to meet the changing needs. The platform currently supports circa 40 applications, 10,000 users, and expects a further 10 applications and 25,000 users be onboarded by July.

Development and evolution is ongoing during the procurement period and a roadmap for delivery is in place which will be shared with shortlisted suppliers to give a sense of scale of delivery. This roadmap is a living product and will continue to grow through to transition. The successful supplier will be responsible for owning and developing this when onboarded.
Existing team
The existing team is sized based on a substantial level of build activity to put the platform in place and onboard tenants. The future team is expected to move to sustainable resourcing levels to allow for both operation and evolution of the platform as the balance moves away from a significant build focus. Internal forecasts show the team size reducing by 50% by the time the successful supplier is onboarded. The current teams made up of different suppliers are provided for context only - Leadership team (~10); Management team (~25) ; Five Product teams (~90); Service team (~25).
Current phase

Work setup

Address where the work will take place
Test and Trace are based in London. Whilst some activity will be required at this location work may take place from supplier offices or remotely.
Working arrangements
The supplier should assume a level of on-site (in our London Offices) working for all individuals however this will not be full time 5 days per week. Once restrictions are lifted, the supplier may be required to collaboratively work on-site to allow sufficient stakeholder engagement and support to be provided). Supplier costs must be inclusive of all expenses.
Supplier is required to use approved online tool to provide time sheet information to Finance & Operations on a monthly basis.
Security clearance
Provider personnel (and sub-contractors) must comply with HMG Baseline Personnel Security Standard (BPSS) as a minimum. CTC clearance will be required in some instances. There may also be a requirement for some post holders to undergo SC clearance, if not already held and, in limited circumstances, DV clearance.

Additional information

Additional terms and conditions
Test & Trace will use the standard DOS 5 contract.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Demonstrable evidence of capability to rapidly stand up a large (~60-80 FTE within 6-8 weeks) programme team, and scale team sizes up and down at short notice.
  • Demonstrable evidence of 3+ years recent experience of designing, building and operating enterprise scale, cloud-based IT platforms and accelerators on AWS and Azure
  • Demonstrate recent experience deploying agile DevOps / SRE practices at scale to manage & evolve live services in a highly dynamic environment.
  • Demonstrable evidence of recent experience leading, creating and maintaining platform vision and translating this to delivery roadmaps in line with changing organisational demand.
  • Demonstrable evidence of an extremely high competency in deploying infrastructure as code and automation of cloud services using pipelines.
  • Demonstrable expertise in designing and implementing cloud networking services and security infrastructure.
  • Demonstrable experience in building, configuring, securing and operating large-scale Microsoft 365 estates including end user devices, both physical and virtual
  • Demonstrable evidence of highly experienced capability in Identity Management and securing cloud platforms using best practice and cyber security standards such as CIS, NIST, OWASP etc.
  • Demonstrable expertise in the Atlassian suite of tools, Splunk and Dynatrace tooling
  • Experience in operational support of cloud tooling platform, including but limited to: incident management; change management; problem management; application and infrastructure management; security management; running operational procedures; collaborative tooling support).
Nice-to-have skills and experience
  • Provide AWS and Azure Partner Status (please state level held only).
  • Demonstrate experience of Security Operations Centre capabilities.

How suppliers will be evaluated

All suppliers will be asked to provide a written proposal.

How many suppliers to evaluate
Proposal criteria
  • Onboarding & Transition
  • Overall platform management approach
  • Build & Run approach & Methodology
  • Technical Competence and Fit
  • Organisation, proposed team and ability to rapidly flex
  • Value for Money
Cultural fit criteria
  • Ability to function effectively and collaborate in a multi-supplier environment.
  • Working successfully in complex public sector organisations.
  • Approach to proactive issue management, problem resolution and improving ways of working.
Payment approach
Capped time and materials
Additional assessment methods
  • Case study
  • Work history
  • Presentation
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. Could the Authority share the procurement timeline for shortlist, evaluation, presentation and award?
The Indicative Tender Timetable is as below;
Publish Requirement in DOS: 30/04/2021
Clarification period: 30/4/2021 – 07/05/2021
Bidder Response Close: Friday 14 May 2021 at 11:59pm
Issue RFP to shortlisted bidders: 25/05/2021
RFP Close: 11/06/2021
Award Decision: 28/06/2021
Governance & Approvals: 09/07/2021
Award Notification: 10/07/2021
Contract execution: 23/07/2021
Onboarding / Transition: 26/07/2021
2. Could this service be performed remotely from overseas whilst retaining a small management/engagement team in London? If so, would India or China be acceptable locations...?
Whilst offshoring may be an option that is explored during the life of the contract, Halo cannot currently be supported from outside of the UK. Most of the technical resources will require SC clearance, so will be required to be UK based. Responses from organisations who do not have the capability to fulfil all requirements from within the UK will therefore not be considered.
3. Which technologies were used in building the Halo platform?
The Halo technology stack is engineered around a large range of Azure, M365 and AWS native cloud services and DevOps tooling with AAD used as the primary Identity Provider. Major tech components used in addition to Cloud PaaS include:
Ansible, Packer, Vault, Atlassian JIRA DC / Confluence DC / Bitbucket DC / Crowd DC / JSD DC / OpsGenie SaaS, Palo Alto Firewalls, Github SaaS, Miro SaaS, Slack SaaS, Splunk SaaS and Dynatrace SaaS. Workspaces and Windows Virtual Desktops are also heavily used for Desktop engineering.
4. Can you please specify the skill sets needed for support?
Skills required include, Platform Engineering, SecDevOps, SRE, Terraform, CloudFormation, ARM, Python, Bash, Relational and Non-Relational Databases. Deep expertise in cloud products, infrastructure and networking, particularly around Landing Zones and Account / Subscription vending. SME (SFIA 6) level skills required for Microsoft AAD and configuring and security hardening the full suite of Microsoft 365 E5 (Office, Windows and Security products)

24/7 Support required for L2 monitoring - SysOps and DevOps capabilities. L3 support from reach back into the Halo product teams with callout mechanisms. L4 support- 3rd party PaaS/SaaS services AWS / Azure / Splunk / Dynatrace / Trello / Miro.
5. What are the current ticket volumes for support?
Ticketing volumes are circa 500 per week supporting circa 10,000 platform users. Expected volumes to aid in supplier estimations are in the region of 1500 per week as users expand to 35000 users. Self-service will soon be rolled out to automate and reduce support ticket.
6. How many platform enhancements are in the pipeline? Can you share the feature list?
The roadmap is under continuous evolution and will be so for the contract duration. Currently the teams are delivering against a plan of ~100 committed epics for platform enhancement by end of July. A further ~50 epics exist on the roadmap for delivery under/post transition details to provided at RFP stage. This figure should be seen as a starting point for supplier plans; this will increase in volume and clarity over the coming months. In addition, part of the supplier’s responsibilities under platform evolution will be to establish the correct items to deliver against as the platform is further matured.
7. Are the 40 applications built on Halo included in the Scope of Support?
If yes, what are the technologies used in developing these 40 applications?
‘Application’ support for Halo tenants is not in scope for support of the Halo service. This will fall to application teams whilst the Halo team manages the enabling platform. L2/L3/L4 support for the Halo tenants (application teams) is in scope for any Halo Service they consume e.g. An ingress or egress firewall or JIRA etc.
8. Where is the Halo platform currently hosted?
The Halo platform is hosted on Azure and AWS Regions within the UK as well as the various SaaS capabilities.
9. Please can you confirm who your existing partners are in delivering this service?
There is no current organisation fulfilling the entirety of the ask described in this exercise. The current suppliers fulfilling various functions brought together within this procurement are a mix of large and small organisations. The large organisations involved are BJSS and Mastek.
10. Can you please clarify if a supplier can partner with another supplier and bid for this opportunity?
The Authority’s preference is to select a single service provider who may subcontract if they so wish under the agreed terms & conditions.
11. Can some of the roles be delivered using a global delivery model subjected to appropriate security constraints?
Whilst offshoring may be an option that is explored during the life of the contract, Halo cannot currently be supported from outside of the UK. Most of the technical resources will require SC clearance, so will be required to be UK based. Responses from organisations who do not have the capability to fulfil all requirements from within the UK will therefore not be considered.
12. Can you kindly share the full technology stack that is used?
See response 3 for an overview of technology used. A full list of all AWS and Azure services will be shared at the next stage.
13. Will you allow Vendor to bring in their relevant accelerators?
All technology choices will be considered at the Authority TDA and where there is a need, we would welcome the use of accelerators. These will be subject to security and commercial review before they are accepted for implementation.
14. If vendor gets shortlisted to second round, how important is experience of Security Operations Centre capabilities?
SOC capabilities are not essential but are considered a nice to have.
15. Are you looking to replace all the existing vendor resources with 60-80 resources of new vendor? Can you provide how many resources from current team of 150 are from vendor and what are their skills, roles?
Yes, the current team size will be replaced with the requirements outlined in this procurement as we move from a foundation build stage into a continuous evolution run stage. Further details of team composition will be provided at the next stage, but the skills required are listed in the Essential skills and experience section of this procurement.
16. Can you share who is the incumbent vendor?
See response to Question 9
17. Please can you provide more detail on the ‘benchmarked costs around agreed technical resources at capped SFIA levels’ so that we can check that these are in line with our pricing.
All SFIA levels must match the skills and experience required for a role, and suppliers should be confident that the individuals put forward are in line with these levels. A blend of resource is expected however these should not include any roles above SFIA 7.
18. Is TUPE is in scope for this opportunity?
We do not anticipate TUPE to apply in this instance.
19. Would it be acceptable for Suppliers to use more than one example in each answer?

Log in to ask a question