Tuesday 20 July 2021
Deadline for asking questions
Tuesday 27 July 2021 at 11:59pm GMT
Closing date for applications
Tuesday 3 August 2021 at 11:59pm GMT
Off-payroll (IR35) determination
Contracted out service: the off-payroll rules do not apply
Summary of the work
Creation of an MVP domain checking toolset by integrating an existing prototype with commercially available third party services
Latest start date
Thursday 30 September 2021
Expected contract length
No specific location, for example they can work remotely
Organisation the work is for
Central Digital and Data Office
About the work
Why the work is being done
This work supports the Cabinet Office's priority to strengthen and secure the UK.
Secure government services depend on secure domain names. CDDO helps public sector organisations keep their domain names secure through guidance (Keeping your domain name secure), and providing focused support where needed.
There are several commercial services that can check the DNS and domains for issues, and CDDO has also developed its own prototype toolset that can be used alongside these.
The CDDO prototype toolset has been operating successfully for 18 months. We now want to create an MVP that:
- collects data from commercially available services selected by CDDO
- augments this with data from CDDO's prototype toolset, refactored as necessary
- brings together all the collected data, into a secure repository of known domains and issues
- allows the repository to be viewed, interrogated, filtered, and managed to allow the team to work through the issues, according to priorities, to resolution
- is of production quality, and able to be used and maintained by a small group of technical and non-technical staff.
CDDO will establish the necessary relationships, and provide the licences and support from the suppliers of commercial services.
To be completed by December 2021.
Problem to be solved
1. Onboard/design (~15%-budget)
Understand the current prototype, MVP specification and high-level solution architecture provided by CDDO. Provide a detailed design showing how the components will integrate to meet the MVP.
2. Build. Integrate outputs from the selected set of commercial tools, namely: (~15%-budget)
- DNS infrastructure and checks for changes
- domain discovery
- checks for domain issue-types
- manage results from different sources
- a database of domain issues, aligned with a new data model.
- tests to show which parts of the MVP are met
3. Refactor parts of the existing prototype toolset for functionality not provided by commercial services (~40%-budget)
- refactor prototype toolset
- integrate outputs into the database
- show which parts of the MVP are met
4. Present and analyse the data (~20%-budget)
- enable records to be manually updated individually or in bulk with additional information
- enable the repository to be sorted, filtered, viewed in tabular or graphical form, exported, and browsable for analysis
- enable users to generate summary reports for specific stakeholders.
- Show that all requirements in the MVP are met
5. Operation (~10%-budget)
- train users in using the toolset.
- train technical staff in maintaining the toolset.
Who the users are and what they need to do
Users of the domains toolset:
As a member of the CDDO Domains Team, I need to:
- know what domain configuration issues exist and how to fix them
- alert and advise stakeholders (eg people who are responsible for a public sector domain name) about domain configuration issues
- ensure the quick resolution of domain configurations
- security vulnerabilities in public sector domains are minimised
- public sector digital services remain available
- CDDO is supporting Cabinet Office's priority to strengthen and secure the United Kingdom at home and abroad.
People who are not users of the domain toolset:
As the person responsible for a public sector domain name, or other stakeholder, I need to:
- be made aware of any domain configuration issues in my organisation
- I can manage my domain properly
- my organisation's digital presence remains available
- my organisation's digital services runs effectively
- my organisation is trusted online by other government organisations, commercial organisations and citizens.
Early market engagement
Any work that’s already been done
A significant amount of work has already gone into the prototype toolset.
It has been built according to the GDS Way , most components are well documented and operating at production quality, and the discovery phase is complete.
The toolset currently:
- collects data
- identifies certain domain configuration issues from the data collected
- presents that information in files for specialist users
- passes some of its data to Salesforce for generalist users
- exports some of its data via Salesforce API to third parties
The supplier will be working with the CDDO Domains team. This team includes subject matter experts. The team can provide material produced by recent user research and service design
Address where the work will take place
No specific region, they can work remotely. The domains team is normally based at The White Chapel Building 10 Whitechapel High Street, 7th Floor, London, E1 8QS
This is a piece of development work whose primary focus is on getting information presented to a small community of specialist users quickly and accurately. As such, the team should consist predominately of senior specialist developers. The supplier can rely on CDDO to provide specialist domain knowledge, user research and service design input.
SC clearance required
Additional terms and conditions
All expenses must be pre-agreed with between the parties and must comply with the Cabinet Office (CO) Travel and Subsistence (T&S) Policy.
All vendors are obliged to provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of GDPR and ensures the protection of the rights of data subjects. For further information please see the Information Commissioner's Office website:https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
Skills and experience
Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.
Essential skills and experience
- In depth knowledge of: - AWS
- In depth knowledge of: - Postgres
- In depth knowledge of: - Python
- In depth knowledge of: - DNS
- In depth knowledge of: - Scripting
- In depth knowledge of: - Salesforce
- In depth knowledge of: - Building capability to interact with third party APIs, including Salesforce and EPP.
- In depth knowledge of the public core of the internet, specifically: - naming and numbering systems
- In depth knowledge of the public core of the internet, specifically: - cryptographic security and identity mechanisms
- In depth knowledge of the public core of the internet, specifically: - common protocols and standards
- Experience of operating in a hybrid of Agile, waterfall and other project delivery methodologies.
Nice-to-have skills and experience
- Experience of the DNS marketplace and global structure
- Experience of Public Sector IT strategy
- Experience in delivering services in accordance with the Technology Code of Practice.
How suppliers will be evaluated
All suppliers will be asked to provide a written proposal.
How many suppliers to evaluate
- The proposed technical solution - 40 points
- The proposed approach and methodology - 10 points
- How the approach meets our business goals - 10 points
- How the approach meets our business goals - 10 points
- How proposed approach meets our timeframe - 5 points
- How the approach identifies risks and dependencies and offers ways to manage them - 10 points
- Team structure and organisational makeup - 5 points
- Value for money of the proposed solution - 10 points
Cultural fit criteria
- Work as a team with our organisation and other suppliers
- Transparent and collaborative when making decisions
Additional assessment methods
- Case study
- Work history