This opportunity is closed for applications

The deadline was Thursday 6 April 2023
Department for Work and Pensions

VR Dev

5 Incomplete applications

3 SME, 2 large

1 Completed application

1 SME, 0 large

Important dates

Published
Thursday 23 March 2023
Deadline for asking questions
Thursday 30 March 2023 at 11:59pm GMT
Closing date for applications
Thursday 6 April 2023 at 11:59pm GMT

Overview

Off-payroll (IR35) determination
Contracted out service: the off-payroll rules do not apply
Summary of the work
VR Dev in Service Now
Latest start date
Saturday 1 April 2023
Expected contract length
1 year
Location
No specific location, for example they can work remotely
Organisation the work is for
Department for Work and Pensions
Budget range

About the work

Why the work is being done
The Department’s Adaptive Security Programme (ASP) is focussed on improving security controls across the Department’s Digital Services to reduce the residual risks associated with a Cyber attack.
A decision was taken in January 2022 to select ServiceNow’s Security Operations platform as a core set of controls, Security Incident Response (SIR) and Integrated Risk Management (IRM) have previously been purchased with a base capability implemented. The next phase is to extend this capability in-line with ServiceNow’s capability model (Foundation, Crawl, Walk, Run and Fly) to extend the capability around SIR, IRM and build in the ServiceNow Vulnerability Response (VR) module, this allows us to conduct more automated and system driven monitoring and mitigation for software vulnerabilities. Adding the VR module to SecurePlace (our ServiceNow security platform) will also require enhancements to the existing SIR and IRM modules to maximise value and capability.
Problem to be solved
Currently, vulnerability management and mitigation is discharged by several teams who share data via various toolsets, MS Excel files and MS Outlook emails. Vulnerability data, CIs and Asset/Service mapping is largely manual and significant time is spent to arrive at a position where identified vulnerabilities are understood in the context of our hybrid IT Estate and relevant actions communicated. Delayed decision making, remediation and understanding of resultant enterprise risk posture prevails. By adding ServiceNow Vulnerability Response module to the SecurePlace platform and integrating with the existing MVP Security Incident Response (SIR) module and MVP Governance Risk and Compliance Integrated Risk Management (GRC IRM) module manual activities will reduce due to automation on the platform which will be integrated with relevant security tools related to vulnerability management and mitigation.
Who the users are and what they need to do
Key outcomes related to this Service requirement is follow ServiceNow’s capability model, delivering a roadmap based on the Foundation, Crawl, and Walk stages, to extend the capability around SIR, IRM and build in the ServiceNow Vulnerability Response (VR) module, to conduct more automated and system driven monitoring and mitigation for software vulnerabilities, Security Operations and end-to-end processes and workflow mapping assets, to vulnerabilities, mitigations and residual risks. Implementation of these modules and end-to-end service| will mature over an initial period of 9-12 months via phased sprint deliveries onto the live SecurePlace production instance.
Early market engagement
Any work that’s already been done
Existing team
SIR, IRM and VR will be implemented onto the existing ServiceNow platform which is a SaaS based service.
Integration of existing security tooling will be required and those internal dependencies are managed via the Adaptive Security Programme. The SIR and VR modules have significant plug in capabilities to allow relatively easy integration with existing security tools
Current phase
Live

Work setup

Address where the work will take place
London
Working arrangements
onsite 3 days a week for face-to-face team meetings or Details in the SOW
Security clearance
SC

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • ServiceNow Security Operations capability
  • Provide demonstrable evidence of multiple successful Sec Ops, SIR and IRM implementations in large scale, complex organisations
  • Consult Resources including but not limited to Tenable SC, Tenable IO and Tenable One, AWS Security Hub, Splunk and Gitlab
  • Consultancy and hands-on-deployment for the design
  • Implement the VR module of ServiceNow and enhance the SIR and IRM modules by providing Subject Matter Expert (SME)
  • The successful partner will also supply architects, consultants, hands-on-deployment specialists, including their own Project Management
  • For the design and configuration to ensure the most effective and efficient implementation delivers early value realisation over a number of outcome based milestones.
  • Configuration of the enhancement of the SIR module to activate Threat Intelligence functionality
Nice-to-have skills and experience
  • The successful partner will ensure that Knowledge Transfer, of design, development or process, is delivered to both internal Security process teams and DWPPlace (ServiceNow platform) Product teams
  • The successful partner will provide relevant training and training materials during the implementation or enhancements

How suppliers will be evaluated

All suppliers will be asked to provide a written proposal.

How many suppliers to evaluate
5
Proposal criteria
  • The successful partner will also supply architects, consultants, hands-on-deployment specialists,
  • including their own Project Management, for the design and configuration to ensure the most effective
  • efficient implementation delivers early value realisation over a number of outcome based milestones. (Milestones will be determined in a subsequent Statement of Work)
Cultural fit criteria
Please advise
Payment approach
Capped time and materials
Additional assessment methods
Evaluation weighting

Technical competence

60%

Cultural fit

10%

Price

30%

Questions asked by suppliers

1. We note that the submission date for this opportunity is Thursday 6 April 2023 at 11:59pm GMT but the earliest start date is the 1st of April. can you please advise on this discrepancy?
This was an error and should be the 7th April
2. Can you please advise a budget range (ex VAT if possible)?
This has not been confirmed yet
3. Can you please provide details for your requirements in the Cultural Fit Criteria? the current requirement questions says “please advise”
Please see two questions below for Cultural Fit:
1. Please detail how your organisation works to ensure a diverse workforce that is representative of the UK population as well as measures taken to ensure employees are treated fairly and equally.
2. Please detail how your organisation works to ensure the financial wellbeing of your staff and to address economic inequality.
4. Is there an incumbent?
We do not have one relating to this specific requirement
5. Is SC clearance required or eligible?
It is Required