Department for International Trade

Cyber Capability

30 Incomplete applications

19 SME, 11 large

1 Completed application

1 SME, 0 large

Important dates

Thursday 12 May 2022
Deadline for asking questions
Thursday 19 May 2022 at 11:59pm GMT
Closing date for applications
Thursday 26 May 2022 at 11:59pm GMT


Off-payroll (IR35) determination
Contracted out service: the off-payroll rules do not apply
Summary of the work
DIT require a supplier to provide cybersecurity expertise with experience to deliver and enhance the DDaT Directorate’s services, through a range of short and long-term projects in accordance with GDS standards.
Latest start date
Monday 18 July 2022
Expected contract length
Organisation the work is for
Department for International Trade
Budget range
The Buyer will issue a range of work packages. A maximum budget of £2,000,000.00 for a 24 month duration, exclusive of VAT. This budget range excludes any extension options. The value of the optional extension period is £500,000 excluding VAT.

About the work

Why the work is being done
DDaT require a contract specialists to work on a range of short and long-term projects in accordance with GDS standards. We are looking to supplement these existing contracts with one to provide the following Cyber expertise:
• Microsoft technology capability / expertise
• Risk Management support, for the Information & Risk Assurance Process (IRAP), to ensure and manage supply chain risk
• Provide Architectural support
• Forensics
• Vulnerabity Management
This should include relevant expertise in the DDaT Capability Framework ‘Technical Job Family.’ Details at:
This includes a number of portfolios of work, including the below that are in scope for this requirement:
• Export and Investment Services Portfolio
• Trading Services portfolio
• Employee experience portfolio
• Data platforms portfolio
• Technology platforms portfolio
Problem to be solved
Problem to be solved

DIT DDaT are responsible for a number of tools used both within and outside the Department. As a growing team, we have an increasing number of needs.

For example, all new digital tools and services used by the department are required to go through our internal Information Risk Assurance Process (IRAP). We would expect the supplier to provide risk management support, to support & manage supply chain risk.

In the same way, we are looking for Microsoft tooling capability to boost the security & compliance of our implementation of the M365 suite of applications and supporting toolkits. We likewise have comparable requirements across the wider Microsoft product estate including Azure.
Who the users are and what they need to do
We are looking for a supplier to help our Digital, Data and Technology team deliver against its cyber security security. DDaT is a growing function, and we need extra capacity to support existing & new priorities.

DIT services include both staff-facing and public-facing products. Staff-facing services are used by ~4,000 of the Buyer's staff and partners around the world, enabling the Buyer to support UK investment and overseas investors and to inform UK trade policy. The Buyer's public-facing digital services are used by overseas investors and UK exporters to support them in their international trade journey.
Early market engagement
Any work that’s already been done
Existing team
The Buyer's DDAT team consists of a range of multi-disciplinary teams, working across all areas. It is a fast-growing team. There is an existing Cybersecurity team and IRAP team, constituted largely of civil servants. Documenting the work and handing over is a critical part of the contract to ensure that DDaT owns and retains the knowledge created during the work.
Current phase
Not started

Work setup

Address where the work will take place
Typically, a substantial portion of the work will be performed on-site at DIT’s premises in Westminster, London, unless otherwise agreed.
Working arrangements
Typically, a substantial portion of the work will be performed on-site at DIT’s premises in Westminster, London, unless otherwise agreed.

However, at the time of publication, government measures to reduce Covid-19 are in operation and as such, work should be done remotely and in observance of social distancing and shielding guidance. DIT will continue to observe all government advice in the coming months aimed at reducing the spread of the disease
Security clearance
The expectation is that supplier staff will be required to have SC clearance before they start. A copy of the clearance from the supplier will be required. It is the responsibility of the supplier to ensure clearance is received.

Additional information

Additional terms and conditions
All expenses must be pre-agreed between the parties and must comply with the Cabinet Office (CO) Travel and Subsistence (T&S) Policy.

The initial SOW will be agreed with the successful supplier following award.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Have a range and depth of expertise in providing the required technical roles.
  • Have proven expertise in security & compliance of M365 suite of applications and supporting toolkits.
  • Have expertise in business and technical architecture for Security & Compliance assurance across the Microsoft product estate including Azure.
  • Have experience in supporting organisations in the assessment and management of risk across a broad spectrum of technologies.
  • Demonstrate the ability to work with stakeholders to refine and validate their ideas.
  • Have the ability to think creatively and articulate innovative ideas to solving complex business, technology and risk management problems.
  • Have experience in designing management information and other relevant contributions for audit and risk assurance committees.
  • Have knowledge and experience of best practice regarding implementing least privilege security models and approaches within cloud environments.
  • Have knowledge of a range of security standards including but not limited to ISO27000, SOC 2, CIS & NIST.
  • Demonstrable use and delivery of design artefacts.
Nice-to-have skills and experience

How suppliers will be evaluated

All suppliers will be asked to provide a written proposal.

How many suppliers to evaluate
Proposal criteria
  • Please outline how much resource you will be able to provide to meet call-off requests under this contract, including the volume of parallel requests that you could meet.
  • Explain your approach to onboarding and retaining key resources within changing market conditions.
  • Explain how you'll meet DIT's need for appropriately skilled-individuals - what internal tests/processing will you undertake to ensure these specialists meet our requirements? How-will-you-measure-and-manage-the-quality-and-speed-of-delivery? (6%)
  • Please provide outlines of the team profile / work history of the individuals who could be deployed to work on this DIT requirement.
  • Explain how you will ensure DIT staff are ready to take on operational control and support upon completion of work.
Cultural fit criteria
  • Demonstrate your ability to deliver in an open, collaborative, agile way according to the principles outlined in the Government Service Standard and Technology Code of Practice.
  • Experience in upskilling and mentoring junior members of staff, including from unrepresented groups, helping them in achieving their career objectives.
Payment approach
Capped time and materials
Additional assessment methods
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

No questions have been answered yet

Log in to ask a question