Start date: Friday 6 August 2021
Value: £2,466,950
Company size: SME
Department for Business, Energy and Industrial Strategy (BEIS)

Investment Security Unit - build of a digital service Beta phase, and provision of ongoing support

7 Incomplete applications

5 SME, 2 large

4 Completed applications

3 SME, 1 large

Important dates

Friday 11 June 2021
Deadline for asking questions
Friday 18 June 2021 at 11:59pm GMT
Closing date for applications
Friday 25 June 2021 at 11:59pm GMT


Off-payroll (IR35) determination
Contracted out service: the off-payroll rules do not apply
Summary of the work
BEIS require a team with knowledge of GDS Design System, Accessible (WCAG 2.1 AA ) Development, MS Dynamics and Sharepoint within the Rosa Service, to build, test, run and support the application in private and public beta. Due to project timescales, active authorisation to work on Rosa is required.
Latest start date
Monday 26 July 2021
Expected contract length
11 months development, with an additional potential of 9 months application support
No specific location, for example they can work remotely
Organisation the work is for
Department for Business, Energy and Industrial Strategy (BEIS)
Budget range
Development begin as early as possible July/August 2021 in Private Beta
with a limited set of users onboarding by October 2021
MVP features be delivered and transiton to Public-Beta via GDS assessment by latest mid-December 2021. The system must be available to all users by the end of 2021. Further feature development iterations will be delivered by latest June 2022. Budget range for 11 months development and 9 months additional support is between £2M to £2.5M
Contract: call-off with statements of work (SoW) issued against phases. Progression to public beta contingent on private beta assessment outcome.

About the work

Why the work is being done
The National Security and Investment (NSI) Act which received Royal Assent on 29 April 2021, gives the Government new powers to screen investment, investigate and intervene in mergers, acquisitions and other deals that could threaten UK national security. The Investment Security Unit (ISU) a new operational unit in BEIS is responsible for managing the new regime created by the NSI Act. The ISU needs an IT system that can deliver three main requirements: 1) a public facing online portal into which acquirers/businesses submit notification as required under the NS&I Act. 2) a case management system (CMS) to enable the smooth handling of high volume of case work within statutory deadlines, to ensure good workflow management, and provide management information. 3) ability to work at SECRET, given the volume of commercially sensitive information being notified to Government, and the national security judgements that will be made on this information. An outsourced team is required to deliver Private Beta and commence Public Beta phase for the Investment Security Unit (ISU) digital notification and case management system to be available in public beta by end December 2021.
Problem to be solved
Businesses will be required to notify and submit information to BEIS regarding qualifying business acquisitions and transactions. The ISU will be required to initially receive and review these notifications, communicating case status changes back to notifiers, assessing and assuring transactions within a case management and workflow system. The system will enable caseworkers to manage cases within the statutory timelines. The system will cross 3 domains - public facing notification forms, Official-Sensitive data within the case management element and SECRET data held in the Rosa service, specifically Rosa docs.
Who the users are and what they need to do
As a representative of a business or investor submitting a notification I need:
- an easy way to notify HMG of a relevant business acquisition/transaction so that the entity I represent complies with its statutory and legal obligations.
- an efficient way to submit my notification, so that my application can be processed and I receive a decision in a timely manner
- clear support and guidance of how to best prepare the notification for submission, so that my notification is not delayed or rejected
- to understand the notification and decision making process, so that I can plan and schedule activity for the transaction
- my commercially sensitive data to be protected and appropriately handled, so that the business is not impacted by sensitive information being viewed by unauthorised person

As a BEIS Caseworker I need
- to be able to steward cases through the assurance process so that business transactions are assured within statutory timescales
- to invite and manage casework collaboration across Government Departments, so that relevant information is taken into account in decision-making
Early market engagement
Discovery and Alpha phase of this work was advertised and awarded via the Digital Marketplace , published 5 February 2021, awarded 22 March 2021
Any work that’s already been done
The project to deliver the ISU digital service is progressing through Alpha having completed and passed Discovery. Validation of hypotheses of the user journey, user needs, prototypes and overall service have occurred.
Existing team
The BEIS team consists of a Service Owner, Product Owner, Technical Architect and Delivery Manager
The lead Technical/Security Architect is for technical governance and oversight, and will also help to liaise with technical and assurance people in other departments. Supplier should include a Technical Lead
The Delivery Manager to act as conduit to BEIS Digital and Assurance. Supplier should include Delivery capability
These roles will work daily with the supplier's development and delivery team
Current phase

Work setup

Address where the work will take place
1 Victoria St, London SW1H 0ET and will follow government guidelines on Covid-19 restrictions and working remotely. There will be a requirement for entry to London Office sites to access sensitive material available on site.
Working arrangements
The customer team and other internal key stakeholders will be working with the supplier's team remotely in using agile as the delivery framework. This would include daily stand-ups, sprint planning and retro events. Where face to face meetings are necessary the supplier's representatives will be expected to attend, whilst co-location either remotely or physically will be the expected method of working. No expenses are included in the contract.
Security clearance
All staff must hold BPSS clearance as a minimum. For those who will work in the SECRET domain active SC clearance is required. For those who will work with the Rosa Service active DV clearance is required. Due to project timescales, active authorisation to work on Rosa is required.

Additional information

Additional terms and conditions
All vendors are obliged to provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of GDPR and ensures the protection of the rights of data subjects. For further information please see the Information Commissioner's Office website

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Experience of building services which meet user needs (2%)
  • Experience of implementing MS Dynamics as a case management system (5%)
  • Experience of working with Rosa product set, especially designing and leveraging Rosa Docs, Rosa Mail including active authorisation to work on Rosa (5%)
  • Demonstrate your experience of designing and delivering a digital service processing SECRET information in alignment with NCSC Security Principles, or equivalent security standards, and taking it through Security Accreditation (3%)
  • Demonstrate your experience of designing a digital service for automating a business process covering different government departments or teams (3%)
  • Demonstrate your experience of conducting user research, considering this is a new service with a new user base of businesses and their representatives (lawyers etc.)(3%)
  • Experience supporting a production environment and supporting users (3%)
  • Experience of working in private and public beta, continuously iterating features and user testing (2%)
  • Experience of using a build, test, learn iterative approach to development and the Software Development Life Cycle (2%)
Nice-to-have skills and experience
Experience of building services which meet the GOV.UK guidelines for content design, service design and accessibility (2%)

How suppliers will be evaluated

All suppliers will be asked to provide a written proposal.

How many suppliers to evaluate
Proposal criteria
  • Demonstrate your approach, methodology and technical development strategy with a project that has similar technical and security requirements (10%)
  • Describe your Team structure, including estimated number of days per resource dedicated to project, and team members’ capability to successfully deliver this project (10%)
  • Provide a project plan with a detailed timeline including milestones for key deliverables and resource allocated for each sprint (5%)
  • Demonstrate how you will identify risk, assumptions, and dependencies, and how you will manage these (4%)
Cultural fit criteria
  • Demonstrate a user-driven approach, using research and evidence to challenge underlying assumptions (4%)
  • Demonstrate your ability to be transparent and work in collaboration with BEIS’s technical and non-technical teams, and other government stakeholders (4%)
  • Demonstrate how you will refer to BEIS at key decision points, facilitating quality control of work and escalating risks (2%)
Payment approach
Capped time and materials
Additional assessment methods
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. Please advise who is the incumbent supplier on this service?
The Discovery and Alpha phases of this service where covered under a previous procurement with the details of who the contract was awarded to
2. If we were to get to the next stage of this process, would we be able to see documents detailing the Discovery and Alpha phases that have already been completed?
Yes we would make the discovery report available and the current view of the minimum viable features
3. Will the team awarded the Alpha phase be part of the BEIS team involved in this Beta phase?
The current supplier’s contract for the Alpha phase will end and a new contract or supplier will onboard for Beta.
4. Has it been decided if the public facing notifications system will be delivered via the website?
Yes, organisations notifying about acquisitions will do so on
5. Is the expectation that existing user research participants can/will be used during the beta phase, or if further recruitment is desired/required?
There may be a mix of existing user research participants and requests for further new participants. BEIS business liaison will give some support to recruit new participants.