Awarded to Avco Systems Ltd

Start date: Friday 11 March 2022
Value: £550,000
Company size: SME
Oxford Health NHS Foundation Trust

Truecolours - Review, Redevelop, Hosting, and Support

13 Incomplete applications

9 SME, 4 large

12 Completed applications

9 SME, 3 large

Important dates

Tuesday 15 February 2022
Deadline for asking questions
Tuesday 22 February 2022 at 11:59pm GMT
Closing date for applications
Tuesday 1 March 2022 at 11:59pm GMT


Off-payroll (IR35) determination
Contracted out service: the off-payroll rules do not apply
Summary of the work
The Trust requires the following:
1. A re-write of the solution in line with modern standards.
2. The inclusion of new functionality and capabilities
3. Strategic support and design and planning services
4. Stakeholder engagement
5. Professional services
6. Support and Maintenance of the Solution
7. Hosting of the Solution
Latest start date
Monday 14 March 2022
Expected contract length
2 years
No specific location, for example they can work remotely
Organisation the work is for
Oxford Health NHS Foundation Trust
Budget range
The contract shall have a maximum budget of £550,000 including VAT.
Year one shall have a maximum spend of £350,000.
Year two shall have a maximum spend of £200,000.

About the work

Why the work is being done
True Colours is a web application with backing data storage. It provides capabilities to allow clinicians and researchers to track patient mental health through analysis of patient completed questionnaires.
The system is currently in use by various organisations, including Oxford Health NHS Foundation Trust (OHFT), Oxford University Hospitals Trust (OUH), Oxford University, and several smaller installations at other research locations.
Originally, a research project, Truecolours has become an important solution in live clinical use. To continue being used in this setting the solution will need upgrading to the latest clinical and cyber security standards.
The Trust is looking for a provider to take over the development and maintenance of the True Colours solution and continue to work with the University and Trust stakeholders to develop new functionalities and capabilities as well as redress the issues identified previously – bringing the solution up to date with respect to security and audit functionality.
The Trust has the expectation that core works can be completed in the first 8-12 months with the main outcome being that the solution is bought up to modern standards. An additional 12 months will then be available for iterative improvements to the functionality in line with user needs.
Problem to be solved
The initial development of True Colours resulted in a generally sensible and understandable structure with mostly clean code. Although many of the initial software design and architecture choices have aged well, key areas of the system require investment to redress decisions made during the original development, particularly:
• The original adoption of a framework library as a core component that has since been abandoned by its community and maintainers which ties the system to older unsupported technologies.
• Construction of an in-house database driver to address limitations in the chosen database which constrains the database to an older version.
• A general design strategy where only one server could exist which causes intermittent issues with running a resilient and highly available service.

These problems anchor the project in older technologies and restrict efforts to bring the system in line with current security and hosting standards. This has been the case for long enough that the technologies the system is tied to are now unsupported or shortly will be. These unsupported libraries no longer receive security patches. Consequently, the development, deployment, and maintenance of the system is significantly more complicated and will only become more so.
Who the users are and what they need to do
The solution is used by both clinicians and patients within the NHS to track mental health conditions using routine outcome measures. As such the users of this system rely heavily on it for improvements in their own mental health care and how well the solution works will potentially improve outcomes for patients.
The Trust is happy to make staff and stakeholders available to provide insight to the requirements for any future development. Access to patients may be possible but will need to be closely controlled by attending clinicians and suitable consents gained.
There are a large number of user stories; however key stories include:
As a clinician i need to be able to be able to interact and review questionnaires submitted by patients to adapt and tailor their care needs.
As a patient user i need to be able to access questionnaires about my mental health so that i can provide my clinician with useful data regarding my condition.
As a system manager i need the solution to operate according to modern security and clinical safety standard so that the Trust can comply with NHS regulations and protect patients' data.
Early market engagement
No early market engagement has occurred for this project; however, a technical review of the product was undertaken internally to assess the requirements and risks of a redevelopment.
Any work that’s already been done
Considerable work has been done to develop the solution already by the Trust, Oxford University, and Third-Party Developers. The Solution is currently hosted and supported by one such developer.
The solution has to all intents and purposes been fully developed and is itself a functional product in live use.
Whilst the Trust will be looking to maintain the outcomes and functionality of the Trust Colours solution as it is today it will be up to a new supplier to oversee the overhaul and rewrite of significant portions of the code base to make it compliant with modern standards.
Existing team
The Trust has no development resources attached to the project. Development is primarily undertaken by a third party supplier who also hosts and supports the solution.
Oxford University and the Trust provide programme support and strategic management of the solution. This includes instructing a third party developer regarding any improvements or alterations required.
The developer is responsible for realising the programme and strategic goals of the other parties.
Current phase

Work setup

Address where the work will take place
The supplier may work remotely using communication technology to interact with Trust resources. The Trust is also happy for face-to-face meetings on the Trust's site by arrangement.
Working arrangements
Expenses should be included in any pricing. Flights will not be permitted expenses.

The Trust is happy to use a flexible hybrid working model that adapts to the prevailing constraints of the project. The Trust is happy for work to be 100% remote but has the facility to accommodate on-site meetings if required. The Trust expects to work together with a supplier in good faith to assess the most appropriate working arrangement at any given time.
Security clearance
No security clearance is required; however, the solution is a clinical system and therefore handles extremely sensitive mental health data.

Additional information

Additional terms and conditions
No additional terms and conditions applied

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Have experience developing technical solutions for the NHS
  • Suitable technical capabiltities to host the solution either in house or a managed partner
  • work to a recognised methodology and be capable of managing Trust and Oxford University resources within this methodology
  • Have a strong knowledge of CoffeeScript, JavaScript, MongoDB, and CSS
  • have the ability to work with large, internally maintained libraries (bespoke libraries)
  • be proficient in modern security and clinical safety standards
  • be able to provide full stack capabilities
  • be capable of delivering a full rewrite of the solution within 8-12 months
Nice-to-have skills and experience
  • have experience working with Truecolours
  • have a working knowledge of BatmanJS
  • have a working knowledge of a range of dependencies

How suppliers will be evaluated

All suppliers will be asked to provide a written proposal.

How many suppliers to evaluate
Proposal criteria
  • Technical Solution
  • Programming Language capabilities
  • Knowledge of BatmanJS
  • Team Structure including Trust and Oxford University
  • Approach to planning, due diligence, and requirements gathering
  • technical alignement to NHS standards
  • Implementation timesclaes
  • Development methodology
  • Support and Hosting
  • Value for Money
Cultural fit criteria
  • be able to colloborate well with both an NHS Trust and Clinical Research Partner (Oxford University)
  • Provide a detailed knowledge sharing function
  • Provide ad-hoc support related to the operation of an NHS Trust e.g. supporting audits
  • Align their business process to NHS standards to ease working practices
  • Provide support to the Trust when transitioning to new versions of the solution
  • Have strong problem solving capabilities
  • be satisfied to waive all rights to IPR
Payment approach
Time and materials
Additional assessment methods
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. The criteria in Essential skills are not compliant with DOS framework and discriminatory..
Previous NHS, Oxford experience etc. only supports incumbent suppliers and does not enable wider supplier reach which is the true principle behind Digital marketplace
The Trust will be required to work with a supplier that works to recognised NHS operational standards (Such as DCB0129) including the correct staff (clinical safety team members). As a frontline clinical solution that could impact patient care "experience developing technical solutions in the NHS" is necessary for us to ensure that a supplier has core capabilities of meeting our needs. We categorically do not require Oxford experience. The Trust believes that the NHS is a suitably large organisation that we have not unfairly limited the ability for a large number of suppliers to apply.
2. If you are looking for a re-development of the application why do you have a preferred technology stack ?
Reviewing our language "rewrite" would be more appropriate than "redevelop". We don't believe we have mandated a specific stack for the finished solution but would require a strong knowledge of the existing stack to be able to accurately and safely rewrite the solution into a stack of your choice. The Trust believe that core aspects and logic of the code remain acceptable if a supplier wishes to rewrite them. Our main issue is with the use of CoffeeScript, deprecated dependencies, and a reliance on BatmanJS. As a clinical system these dependencies are now untenable from a security and safety standpoint.
3. Can you provide some more information about the technology that the solution is currently developed and hosted on. Is there a desire to ultimately move away from these options as part of the redevelopment or continue using them?
The existing tech stack consists of CoffeeScript, BatmanJS, NodeJS, and MongoDB and hosted on AWS. There is an absolute need to move away from CoffeeScript and BatmanJS. Bidders are welcome to propose any technology stack they feel is appropriate and in this respect the Trust is technology agnostic. We believe that public cloud hosting is preferable but again would be open to suggestions here as we remain agnostic.
4. Can you provide the full set of web technologies (front-end and backend) used to develop the True Colours web application?
The existing tech stack consists of CoffeeScript, BatmanJS, NodeJS, and MongoDB
5. One objective is a rewrite of the solution. Is this to build a new solution or to refactor what has already been developed? If it is a new build, is there a preference/limit on the web technologies that can be used?
The Trust is open to different approaches. After a technical review, the Trust believes there is business logic and structure that would lend itself to a supplier wishing to refactor the solution. However, the same review discussed many benefits of a full rewrite. The Trust would support an approach that sought to rewrite or refactor. There is no preference or limit on the technologies per se; however the Trust reminds suppliers that this is a clinical system and therefore security, stability, reliability, and long term support are vital.
6. From a hosting perspective, what platform/infrastructure is utilised currently in hosting the solution?
The solution is currently hosted in AWS. The Trust is platform agnostic but would expect any hosting to be inline with NHS standards.
7. In light of the desire to have a solution that is brought up to modern standards, and recognising the current deficiencies in the architecture, would they consider the solution/platform being rewritten in Python rather than CoffeeScript and Java?
There is no requirement to use a specific language or technology for the redevelopment. The Trust categorically wishes for a new solution to not use CoffeeScript. This is one of the main reasons for the rewrite. There is no reason Python would be discounted as an option.
8. Is MongoDb currently used as a document store, ie are the mental health questionnaires actual e-documents?
Health questionnaires are not e-documents. One of the issues we currently have is that questionnaires are hardcoded into the source code making it difficult to easily change them. The Trust would welcome an approach that made building and editing questionnaires possible by users as these questionnaires are based on national and internationally defined standards, meaning they change regularly as they are updated.
9. Would the Trust consider other databases, eg Neo4j
The Trust would consider another database technology provided the same outcomes were achieved for end users.
10. Regarding Nice-to-Have skills on TrueColours can you please clarify on the DOS 5 guidelines on discriminatory clause below :
Extracts (page -8)
“It is discriminatory to suppliers to state that they must have previous experience working in the public sector or within your specific industry.
What is it about the public sector that requires specific skills or experience? Suppliers may have worked for complex commercial organisations which are highly regulated (e.g. financial or pharmaceutical) and could therefore demonstrate the required skills and experience within a different environment.”
The Trust will agree to remove the stipulation that a supplier must have NHS experience or have worked on TrueColours as a product.

The Trust is not allowed to waive recognised NHS clinical safety standards with respect to the development of software and these will remain requirements of a successful supplier. Any supplier capable of meeting NHS standards for development specifically, DTAC and DCB0129. Both standards require specific staff to be in place. The Trust accepts it has over simplified its requirement into one of past experience when in fact it is one of NHS standards. Please see standards below.
11. Please elaborate on “clinical safety standards”
As a minimum NHS suppliers developing and providing hosted services to the NHS are expected to comply with:
- Data Security and Protection Toolkit (
- DCB0129 (
- DTAC (

If, during development, it is agreed that the solution should be subject to medical device regulation then the preferred supplier is expected to support the Trust in achieving the necessary compliance.
12. Please elaborate on “full stack capabilities”.
By this the Trust means the ability to implement and manage a fully hosted solution. Currently the solution is hosted, developed from end to end, and supported by a single supplier. The Trust wish for this to be the case. The Trust is not expecting only a front-end or back-end rewrite of the solution. A successful supplier will be expected tot handle all aspects of hosting and hosting management as well as front end and back end development.
13. “work to a recognised methodology and be capable of managing Trust and Oxford University resources within this methodology”.
How can a competent supplier fairly bid this proposal with no prior experience of managing Trust and Oxford University resources ?
What methodology are you referring to ?
The Supplier will not be expected to undertake their own operations to recognised development and implementation methodologies e.g. Agile and Prince2. Suppliers will be required to explain to both the Trust and OU what is required of them to facilitate and support the supplier's development and implementation methodology. In other words, the supplier must be responsible and take ownership of the management of development and implementation of the software. The Trust wishes to procure a contracted service and is not looking for development resource to supplement an existing team. This is vital to maintain IR35 compliance.
14. As an experienced IT SME supplier we have all the necessary skillsets except for NHS and TrueColours, do you believe our proposals will be considered ?
As discussed in responses above, the Trust will lift the requirements for public sector experience but it cannot waive the standards that must be adhered to (also provided above) for any developers working in the NHS. The Trust cannot confirm whether or not your response would be acceptable without further confirmation of your intention to comply with these standards by the start date. We will be looking to ensure that developers are compliant with DCB0129 and other NHS standards. These standards generally take time, require specific clinical safety resources, and processes and policies specific only to NHS customers.
15. Regarding “be capable of delivering a full rewrite of the solution within 8-12 months’, this cannot be precise without a. detailed requirements and any associated Risk logs in your environment. What is expected by suppliers in this question ? Is it a binary Yes or No or detailed ?
Limitations in the DOS5 portal (200 words per response) make it difficult to provide all available documentation. As part of our existing work we have commissioned a technical assessment that indicated timescales for a new supplier to complete the works. 8-12 months was agreed as a suitable timescale to allow a new supplier to have adequate mobilisation, knowledge transfer, and research opportunities. Suppliers should consider this an opportunity to describe their available resources, capabilities, and availability to support this project over the coming 12 months. Of course it may be conditional subject to further review of the codebase if successful.
16. Will all suppliers be asked to provide a written proposal or only 3 shortlisted ?
Due to the time constraints imposed on the Trust we will only be reviewing the three shortlisted suppliers. The Trust has received central NHS funding that must be committed by the 31st March and as such our timescales are extremely tight.
17. Can we provide a secured link for more information?
Unfortunately, No. We have to abide by the structure of the DOS framework. This is not ideal for the Trust either and (as can be seen by the large number of clarifications) is not ideal for the Trust which likewise has been unable to provide as much information as we would have liked.
18. With regards to Q5...have the ability to work with large, internally maintained libraries (bespoke libraries). Could you expand on what you mean here so we can best answer your question? What specific database skills are you looking for ? Thank you
With respect to internal libraries - the Trust has 62 dependencies for the Truecolours solution (see below). We are wanting a supplier to be able to review the deprecated dependencies and work with the Trust to understand the tweaks and changes applied so that their effect can, be replicated in the rewritten solution. Ultimately the Trust is not looking for a supplier to assume that an old deprecated library can simply be replaced by a newer version with no issue. There is a complex system of dependencies some of which have been customised that need to be understood.
19. With regards to Q5...have the ability to work with large, internally maintained libraries (bespoke libraries). Could you expand on what you mean here so we can best answer your question? What specific database skills are you looking for ? Thank you
The database is MongoDB. We will be looking for a supplier to be able to review the database and migrate data from it to a database of the Supplier's choosing.
20. Can you please expand on this question as we’re unsure what ‘range of dependencies’ you’re referring to? Do you mean technical or with regards to the NHS?
The Truecolours Solution has 62 dependencies managed using npm. The Trust is trying to find a way to provide the table of these dependencies but may have to simply include them as raw csv for suppliers to view using multiple clarification responses
21. How do patients interact with the service currently aside from the website directly – i.e. SMS
not at the moment, however, we plan to allow Patients to interact with the service remotely in the redeveloped version. Patients need to be able to complete questionnaires remotely and, in the future, also be able to view their True Colours record.
22. What is the current size of the application and database
Application ~350K lines of code, Database size ~600MB
23. Does the application involve uploading files/documents
no, there is no requirements to upload documents.
24. Are there any 3rd party dependencies which have licences/
No, there are no such dependencies
25. How many deployments are there currently?
There are currently 2 instances of True Colours within OHFT. Outside of OHFT we are aware of a further 4 deployments in live use and the solution is likely in use in research projects in a range of other academic organisations.
26. Are the deployments of single instance (i.e. one copy of the application/database per organisation or one copy with shared database)
currently there is an instance of the application/database for each service or research project, however, we would like to have a single instance for organisation going forward (e.g. instance for OHFT including children, adult and perinatal service; instance of OUH, instance for Oxford University etc.)
27. Is it expected that existing data is preserved
yes, existing data will need to be migrated to the redeveloped platform to support continuity of care.
28. is this the true colours system all contained within a single internet facing environment or are there any aspects of it that run internally across HSCN network for example?
there are several instances of the application (6 in total), some instances are hosted by OHFT (both internally and using AWS via third-party supplier) and Oxford University. Going forward we would look to migrate these instances to be hosted by third-party supplier independent from HSCN network
29. Does the application interface with any 3rd party system
yes, the application interfaces with the Trust’s clinical system to receive user, patient and episode data.
30. How do users onboard to the service
this is different depending on the instance, for OHFT CAMHS service users automatically come across from the primary clinical system. For other instances users are created manually by systems admins.
31. How do clinical/services onboard to the service
previously, they would have a new instance of the application created, however, going forward we would like to have one instance for each organisation, therefore, the onboarding process will change for the redeveloped platform. We would look work with the supplier to establish this new process.
32. How do users authenticate to the service (e.g. username/password, 2-factor, single sign-on) via username/password
Users authenticate using a username and password. As part of the redevelop the Trust would want to implement two-factor authentication as the solution is likely to be hosted in a public cloud environment. This will need consideration with internal Trust IT teams to assess feasibility.
33. How are users/service users off-boarded
this is different depending on the instance, for OHFT CAMHS users are deactivated via an interface with the Trust’s primary clinical system. For other instances the process is manual
34. Due to limitation on DOS portal, response for each question we cant able to provide enough information. Can we upload the file to our sftp and pass you the relevant url.
Unfortunately we cannot accept additional information not governed and audited through the framework's system. The Trust has the same issue with being able to pass information out. We understand that this initial stage is about confirming core capabilities and that there is only a small amount of space to achieve this. We suggest that suppliers focus on brevity and could use bullet style drafting as opposed to prose.
35. Who is the company that developed Truecolours and who currently supports it?
This won't be provided. The incumbent supplier is wishing to bid in this process and so has the right, as do all suppliers to have their identity kept anonymous. The Trust cannot see which suppliers are bidding for work (including our incumbent) and will not be breaching the confidentiality of this procurement process. Our incumbent has been asked to compete for this work due to its complexity and value and they should be afforded the same privacy as any other supplier. The Trust cannot see at this time why knowing the supplier's name would be relevant to any supplier's capabilities.
36. Will bidders be able to view the Truecolours system e.g. via an online link?
This is not possible at this time. We cannot create a new environment quickly enough and set up the relevant accounts within the timescales of this procurement. Whilst the Trust has non-live environments we sill not be opening these up for public examination. As the only public facing instances are live clinical systems we also will not be making these available.
37. Your essential skills and experience appear to be very specific to programming skill sets. Where do these originate and why do you mandate them?
Our essential skills mandate the understanding of these programming languages because the solution is currently written in them. The Trust is not mandating the rewritten solution use these languages (suppliers are free to choose their own approach); however, as the Trust is expecting a rewrite we expect suppliers to have the skills to review and understand the existing codebase. We see this much like a translation you must know both the source language and target language (which suppliers are free to choose) to accurately and safely rewrite the solution.
38. An open standards approach with low-code programming would logically seem to be highly appropriate to this need. Why is this apparently excluded?
The Trust has given suppliers freedom to define their own solution. Reviewing our requirements, it is not possible to see where we have stated that such an approach is excluded from consideration. We mandate an understanding of programming languages and it is fair to say we had assumed a traditional rewrite using another programming language but the Trust would happily receive a low code programming environment approach provided it can meet all the same safety standards and achieve the desired outcomes.
39. AI would appear to be of very relevant value to the purpose of Truecolours. Why has this not been recognised in the requirement, even in the form of assuring end-to-end interoperability with AI?
As with the previous clarification, the Trust has not excluded AI. At this point the Trust cannot see where AI would be implemented but that is not to say that suppliers do not have ideas and ways of integrating it. The use of AI in frontline clinical care is an extremely sensitive subject and would require additional safety and security to ensure that there was no impact to care. We have provided suppliers with freedom to define their own solution. The Trust cannot exhaustively detail every possible technology and state whether we would like suppliers to use it.
40. The whole requirement appears to have been fixed to the incumbent supplier. What can be said to indicate that this is not the case?
The Trust is unable to see this. There are no requirements that are specific only to a single supplier. The Trust has not mandated any specific technology or approach to be taken. The Trust is allowing suppliers to define their own approach using their own technology and speciality. We require suppliers to be able to operate safely and in accordance with NHS standards. We cannot remove this requirement but there are a large number of developers working to these standards across the NHS - the market for these skills is no so small as to impact this procurement.
41. The whole requirement appears to have been fixed to the incumbent supplier. What can be said to indicate that this is not the case? (part 2)
We have a genuine need to rewrite a clinical solution to bring it in line with modern safety standards. We cannot get away from the fact that both Oxford University developers and our incumbent developers understand the product to a greater extent. This gives them the natural advantage of an incumbent. However, they are being forced to compete for this work which the Trust simply didn't have to do - other routes were available. The Trust is looking for suppliers to be collaborative, innovative, creative, and understanding of the challenges of a customer.
42. The whole requirement appears to have been fixed to the incumbent supplier. What can be said to indicate that this is not the case? (part 3)
In return we are essentially waiving any control over the solution's technical architecture all to ensure that as many suppliers can apply as possible. The Trust has tight timescales as a result of central funding constraints as such understands that suppliers will require additional time to undertake due diligence which has been factored into the expectations. Unfortunately we can only evaluate a small number of responses simply because we only have a short number of weeks left. Failing to hit this deadline will mean the return of funds and the cancellation of the project entirely.
43. Please can you elaborate on what you require for the following question “Evidence of have a working knowledge of a range of dependencies”
please see the previous response on dependencies
44. What web browsers does the app need to be compatible with?
As a minimum Chrome, Edge, Internet Explorer, Firefox, Safari; however, the solution is public facing and so any development should ensure that any features that are known not to work in these browsers fail safely and would not create a risk to a patient using an alternative browser.
45. There is no option to answer the “Cultural fit criteria”. Can you advise how we can provide the answers.
The Trust is unable to see the response page you are referring to. The cultural fit criteria are not questions per se rather they represent the subjects and areas of your submission that will be relevant to your Cultural Fit Score. e.g "Have strong problem solving capabilities" is a criterium that will be referred to when evaluating responses and not a question to be answered.
46. Are there any parts of functionality in your existing system, that are not needed from Trust’s perspective?
No There are no parts of the solution that are redundant. All functionality does need to be reviewed to assess whether it is safe, secure, and fit for purpose but all functionality will need to be included.
47. Can we reference more than one client in our response to each question?
Yes, you may.
48. Would the Trust be prepared to consider a variant bid to this procurement where a supplier is able to deliver as follows:
1. A completely configurable solution, that is wholly tailorable and can be configured to fully meet the requirement/functionality of the Trust Truecolours system;
2. Services to support the migration of the existing / historical data into the variant solution as part of the deliverable;
3. Whilst ensuring the commercials for the deployment/cloud provision of the proposed variant solution is wholly within the Trust commercial envelope;
4. Where the deliverable is not subject to the retention of any IPR?"
Yes, given the description provided this would fall within the requirement and not be excluded out of hand.
49. What dependencies exists within the software?
Truecolours utilises the following dependencies:
express , express-session, express-namespace , express-useragent, serve-favicon , body-parser, cookie-parser , morgan, errorhandler , constantinople, pug , mongoose, batman , i18next, async , passport, passport-local , passport-localapikey, passport-hash , tedious, tedious-connection-pool , recursive-fs, connect-mongo , moment, nodemailer , mongodb, Committed , tv4-mutant, deep-equal , xlsx-stream, oauth , clone, nodetime , node-cache, minimist , connect-busboy, xlsx-style , xml, elementtree , base64url, cli-table , fast-csv, extend , apn, extract-zip , fs-extra, bcryptjs , coffee-script, node-inspector , nodemon, wd , mocha, babylon , babel-types, chai , chai-datetime, q , request, uglify-js , clean-css, bless