Department for International Trade
Cyber Capability
30 Incomplete applications
19 SME, 11 large
1 Completed application
1 SME, 0 large
Important dates
- Published
- Thursday 12 May 2022
- Deadline for asking questions
- Thursday 19 May 2022 at 11:59pm GMT
- Closing date for applications
- Thursday 26 May 2022 at 11:59pm GMT
Overview
- Off-payroll (IR35) determination
- Contracted out service: the off-payroll rules do not apply
- Summary of the work
- DIT require a supplier to provide cybersecurity expertise with experience to deliver and enhance the DDaT Directorate’s services, through a range of short and long-term projects in accordance with GDS standards.
- Latest start date
- Monday 18 July 2022
- Expected contract length
- Location
- London
- Organisation the work is for
- Department for International Trade
- Budget range
- The Buyer will issue a range of work packages. A maximum budget of £2,000,000.00 for a 24 month duration, exclusive of VAT. This budget range excludes any extension options. The value of the optional extension period is £500,000 excluding VAT.
About the work
- Why the work is being done
-
DDaT require contract specialists to work on a range of short and long-term projects in accordance with GDS standards. We are looking to supplement these existing contracts with one to provide the following Cyber expertise:
• Microsoft technology capability / expertise
• Risk Management support, for the Information & Risk Assurance Process (IRAP), to ensure and manage supply chain risk
• Provide Architectural support
• Forensics
• Vulnerability Management
This should include relevant expertise in the DDaT Capability Framework ‘Technical Job Family.’ Details at: https://www.gov.uk/government/collections/digital-data-and-technology-profession-capability-framework.
This includes a number of portfolios of work, including the below that are in scope for this requirement:
• Export and Investment Services Portfolio
• Trading Services portfolio
• Employee experience portfolio
• Data platforms portfolio
• Technology platforms portfolio
- Problem to be solved
-
DIT DDaT are responsible for a number of tools used both within and outside the Department. As a growing team, we have an increasing number of needs.
For example, all new digital tools and services used by the department are required to go through our internal Information Risk Assurance Process (IRAP). We would expect the supplier to provide risk management support, to support & manage supply chain risk.
In the same way, we are looking for Microsoft tooling capability to boost the security & compliance of our implementation of the M365 suite of applications and supporting toolkits. We likewise have comparable requirements across the wider Microsoft product estate including Azure.
- Who the users are and what they need to do
-
We are looking for a supplier to help our Digital, Data and Technology team deliver against its cyber security. DDaT is a growing function, and we need extra capacity to support existing & new priorities.
DIT services include both staff-facing and public-facing products. Staff-facing services are used by ~4,000 of the Buyer's staff and partners around the world, enabling the Buyer to support UK investment and overseas investors and to inform UK trade policy. The Buyer's public-facing digital services are used by overseas investors and UK exporters to support them in their international trade journey.
- Early market engagement
- Any work that’s already been done
- Existing team
- The Buyer's DDAT team consists of a range of multi-disciplinary teams, working across all areas. It is a fast-growing team. There is an existing Cybersecurity team and IRAP team, constituted largely of civil servants. Documenting the work and handing over is a critical part of the contract to ensure that DDaT owns and retains the knowledge created during the work.
- Current phase
- Not started
Work setup
- Address where the work will take place
- Typically, a substantial portion of the work will be performed on-site at DIT’s premises in Westminster, London, unless otherwise agreed.
- Working arrangements
-
Typically, a substantial portion of the work will be performed on-site at DIT’s premises in Westminster, London, unless otherwise agreed.
However, at the time of publication, government measures to reduce Covid-19 are in operation and as such, work should be done remotely and in observance of social distancing and shielding guidance. DIT will continue to observe all government advice in the coming months aimed at reducing the spread of the disease.
- Security clearance
- The expectation is that supplier staff will be required to have SC clearance before they start. A copy of the clearance from the supplier will be required. It is the responsibility of the supplier to ensure clearance is received.
Additional information
- Additional terms and conditions
-
All expenses must be pre-agreed between the parties and must comply with the Cabinet Office (CO) Travel and Subsistence (T&S) Policy.
The initial SOW will be agreed with the successful supplier following award.
Skills and experience
Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.
- Essential skills and experience
-
- Have a range and depth of expertise in providing the required technical roles.
- Have proven expertise in security & compliance of M365 suite of applications and supporting toolkits.
- Have expertise in business and technical architecture for Security & Compliance assurance across the Microsoft product estate including Azure.
- Have experience in supporting organisations in the assessment and management of risk across a broad spectrum of technologies.
- Demonstrate the ability to work with stakeholders to refine and validate their ideas.
- Have the ability to think creatively and articulate innovative ideas for solving complex business, technology and risk management problems.
- Have experience in designing management information and other relevant contributions for audit and risk assurance committees.
- Have knowledge and experience of best practice regarding implementing least privilege security models and approaches within cloud environments.
- Have knowledge of a range of security standards including but not limited to ISO27000, SOC 2, CIS & NIST.
- Demonstrable use and delivery of design artefacts.
- Nice-to-have skills and experience
How suppliers will be evaluated
All suppliers will be asked to provide a written proposal.
- How many suppliers to evaluate
- 3
- Proposal criteria
-
- Please outline how much resource you will be able to provide to meet call-off requests under this contract, including the volume of parallel requests that you could meet.
- Explain your approach to onboarding and retaining key resources within changing market conditions.
- Explain how you'll meet DIT's need for appropriately skilled individuals - what internal tests/processing will you undertake to ensure these specialists meet our requirements? How will you measure and manage the quality and speed of delivery? (6%)
- Please provide outlines of the team profile / work history of the individuals who could be deployed to work on this DIT requirement.
- Explain how you will ensure DIT staff are ready to take on operational control and support upon completion of work.
- Cultural fit criteria
-
- Demonstrate your ability to deliver in an open, collaborative, agile way according to the principles outlined in the Government Service Standard and Technology Code of Practice.
- Experience in upskilling and mentoring junior members of staff, including from unrepresented groups, helping them in achieving their career objectives.
- Payment approach
- Capped time and materials
- Additional assessment methods
- Evaluation weighting
-
Technical competence: 60%
Cultural fit: 20%
Price: 20%