Awarded to Parico Limited

Start date: Monday 9 August 2021
Value: £5,900
Company size: SME

Government Actuary's Department

Linux server security specialist

10 Incomplete applications

9 SME, 1 large

6 Completed applications

6 SME, 0 large

• Published: Wednesday 30 June 2021
• Deadline for asking questions: Wednesday 7 July 2021 at 11:59pm GMT
• Closing date for applications: Wednesday 14 July 2021 at 11:59pm GMT

Overview

• Specialist role: Cyber security consultant
• Off-payroll (IR35) determination: Supply of resource: the off-payroll rules will apply to any workers engaged through a qualifying intermediary, such as their own limited company
• Summary of the work: The cyber security consultant will configure the linux server to bring the security in line with the Cabient Office and NCSC guidelines. The individual is responsible for carrying out this work and ensuring it is tested, and any other best practice needed following approval from GAD.
• Latest start date: Monday 9 August 2021
• Location: London
• Organisation the work is for: Government Actuary's Department
• Maximum day rate: Up to £600 ex VAT per day. Standard 7 hour 12 minute working day, includes expenses to base location agreed with Government Actuary's Department. Additional expenses only paid with prior approval of the Government Actuary's Department.

About the work

• Who the specialist will work with: GAD's outsourced IT team provided by the Government Legal Department have worked to install and configure the Linux server. The individual will work with a small team of GLD infrastructure engineers and the GAD IT Security Officer and Technical Architect to ensure the Linux server is secured in line with Cabinet Office and NCSC guidelines, and integrated into the ongoing IT monitoring of the server estate. The individual will report on progress to the GAD project management team and the GLD IT manager.
• What the specialist will work on: The responsibility will be to lead the work to secure an on premise Linux server, completing the following:; - Harden the server by removing all non-essential services installed on the o/s; - Harden the network connection of the server. Shut down all extraneous open TCP/IP ports remove applications, secure all application connectiviy and encrypted or tunnelled through SSL, change TCP/IP ports from defaults; - Integrate Linux server into systems management and reporting used across Windows server estate; - Disable Wifi connectivity on the server; - Ensure the server can't connect outside the firewall; - Any other best practice steps

Work setup

• Address where the work will take place: Finlaison House, 15-17 Furnival Street, London, EC4A 1AB
• Working arrangements: Your primary location will be Finlaison House and you will be expected to work on-site as necessary to complete the work on the on premise server. GAD supports remote working when possible.
• Security clearance: SC clearance

Additional information

• Additional terms and conditions: All expenses must be pre-agreed between the parties and must comply with the Government Actuary's Department Travel and Subsistence (T&S) Policy.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

• Essential skills and experience:
  • Have demonstrable experience installing and configuring on premise Linux servers to a high standard and in line with NCSC guidelines, in particular ensuring the security of data on the server
  • Ability to work with a varied delivery team
• Nice-to-have skills and experience:
  • Can demonstrate that they have the ability to identify opportunities to improve IT service offering
  • Have experience using Agile

How suppliers will be evaluated

All suppliers will be asked to provide a work history.

• How many specialists to evaluate: 5
• Cultural fit criteria:
  • Work as a team with our organisation and other suppliers
  • Be transparent and collaborative when making decisions
  • Take responsibility for their work
  • Share knowledge and experience with other team members
• Additional assessment methods: Interview
• Evaluation weighting:

  Technical competence

  65%

  Cultural fit

  10%

  Price

  25%

Questions asked by suppliers

• 1. Is there an incumbent/preferred supplier?: There is no incumbent or preferred supplier.
• 2. What is the estimated duration/budget for this role?: The estimated duration is 1-2 weeks. The estimated budget is £3,000 - 6,000.
• 3. Will the specialist require an existing SC Clearance or will you sponsor it?: We will consider sponsoring SC clearance for suppliers in line with HMG Personnel Security and National Security Vetting Policy: ; ; "It is government policy that individuals should not be expected to hold an existing security clearance in order to apply for posts that require vetting, except where such posts are short term and need to be filled urgently."
• 4. 1. Is the rate inside IR35?2. Are you open to processing SC clearance for an eligible candidate?3. How long is the contract for?: 1. The rate is inside IR35. ; ; 2. GAD will consider sponsoring SC clearance for a supplier.; ; 3. The contract duration is estimated at 1-2 weeks.
• 5. Will you put someone through SC Clearance or do they need have previous/current clearance?: GAD will consider sponsoring SC clearance for suppliers in line with HMG Personnel Security and National Security Vetting Policy:; ; "It is government policy that individuals should not be expected to hold an existing security clearance in order to apply for posts that require vetting, except where such posts are short term and need to be filled urgently."
• 6. Is there an incumbent supplier in place?: There is not an incumbent supplier in place.
• 7. Please can you confirm the contract duration?: The contract duration is estimated at 1-2 weeks.
• 8. What is the expected length of contract?: The estimated contract length is 1-2 weeks.
• 9. Can the resource being supplied be based outside of the UK, with the limited company through which the resource is provided be UK-based?: It is expected that the primary location will be Finlaison House and you will be expected to work on-site as necessary to complete the work on the on-premise server. Any resource provided will need to be available to work within the UK, specifically London to complete any on-premise work as required.
• 10. Will this role be considered inside or outside IR35?: This role is inside IR35.
• 11. Is there an incumbent?: No, there is no incumbent supplier.
• 12. This appears to be a short term contract of 5-10 days. If this is the case, the buyer will find it difficult to get candidates inside IR35 and the buyer should also not be taking the trouble of processing SC clearance, which itself can take around 6 weeks. They should look for already SC cleared candidates and take this role outside IR35. If they want to do it inside IR35 and sponsor SC then they need to have a longer contract term – at least 3 months, which looking at the budget, may not be feasible.: This is a short term contract of around 5-10 days. GAD will look for SC cleared candidates initially. GAD does not intend to change the terms of the contract to move it outside IR35.