Ministry of Defence

Implementation of Acuity STREAM Risk Management Tool

Incomplete applications

2
Incomplete applications
1 SME, 1 large

Completed applications

2
Completed applications
1 SME, 1 large
Important dates
Opportunity attribute name Opportunity attribute value
Published Tuesday 3 October 2017
Deadline for asking questions Tuesday 10 October 2017 at 11:59pm GMT
Closing date for applications Tuesday 17 October 2017 at 11:59pm GMT

Overview

Overview
Opportunity attribute name Opportunity attribute value
Summary of the work Obtaining On Premises Enterprise Edition licences of Acuity STREAM

Provide architectural expertise for design/implementation into existing Hadoop architecture

Provide support for installation (pre-production/live systems), user training and integration with modular open system architecture.

Production and maintenance of the high/low level designs for the solution, ensuring alignment with wider project direction.
Latest start date Wednesday 1 November 2017
Expected contract length Until 31st March 2018
Location South West England
Organisation the work is for Ministry of Defence
Budget range Approval for £300k

About the work

About the work
Opportunity attribute name Opportunity attribute value
Why the work is being done The UK MOD, sponsored by Joint Forces Command (JFC) Cyber Joint User, has a requirement to visualise, assess and manage the cyber-related risks across the MOD enterprise in a software tool. The MOD requires an understanding of cyber risk to make informed choices on necessary courses of action set against risk threshold. In addition, the MOD requires a method of assessing compliance with standards and regulations (eg ISO 27001, JSP 892) and an ability to support compliance audit. Work must be completed by 31 March 2018.
Problem to be solved Delivery of a Acuity STREAM Risk Management tool, with a 2 year license, which will allow 10 concurrent users. Integration with an existing MOD-owned AHE, managed access to users at multiple sites. Initial tool configuration, VDI integration and user training, integration with a modular open system architecture and exploration of data feeds that can be exploited to inform the risk. Provision of PMO function including access to Acuity professional services.
Who the users are and what they need to do Users require access to a risk management tool to allow visualisation, assessment and managment of the cyber-related risks across the MOD enterprise.
Early market engagement None
Any work that’s already been done None
Existing team The supplier will be working with a mixture of military and civil servents
Current phase Not applicable

Work setup

Work setup
Opportunity attribute name Opportunity attribute value
Address where the work will take place System integration and technical effort focused at MOD Corsham (ARK Datacentres, Spring Park, Westwells Road, Corsham, Wiltshire, SN13 9GB).

User support, training and requirements elicitation at MOD Main Building (Horse Guards Avenue, London, SW1A 2HB)
Working arrangements It is expected that the supplier spend the majority of time in Corsham, but will spend 1 to 2 days per week (flexibly) with the users in London to ensure requirements are understood, to present project progress, collaboratively configure the tool and provide user training. No expenses will be paid, these should be included in a supplier's bid.
Security clearance SC clearance, as a minimum, for all personnel involved must be in place and valid for the duration of the contract. The Authority will not sponsor new clearances or clearance renewals.

Additional information

Additional information
Opportunity attribute name Opportunity attribute value
Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Skills and experience
Opportunity attribute name Opportunity attribute value
Essential skills and experience
  • A proven track record in implementing Acuity STREAM (25%)
  • A proven track record in designing and implementing Hortonworks (20%)
  • Experience of delivering in an Agile (Scrum) framework (10%)
  • Have know-how of identifying and raising project dependencies, whilst working in a wider team with multiple projects in-flight (10%)
  • Familiarity with ARK Datacentres / Crown Hosting facilities (5%)
  • Weightings given above will be used at both the shortlisting and evaluation phase
Nice-to-have skills and experience
  • Previous experience of working on cyber defence projects (10%)
  • Have ability to evaluate information and present in such a way that is easily understood by the target audience, including through written and oral communication (5%)
  • Have ability to own issues and drive them to resolution. Provide direction to inform sound decisions based on business priority and technical feasibility (5%)
  • Have ability to think creatively and be able to articulate innovative ideas to solving complex business and IT problems (5%)
  • Experience working with Ministry of Defence IT systems, networks, and end user devices (MODNet, DII, RLI, SLI) (5%)
  • Weightings given above will be used at both the shortlisting and evaluation phase

How suppliers will be evaluated

How suppliers will be evaluated
Opportunity attribute name Opportunity attribute value
How many suppliers to evaluate 3
Proposal criteria
  • Approach and methodology (50%)
  • Estimated team size and roles (5%)
  • High-level plan and estimated work schedule (30%)
  • Approach to demonstrating progress (15%)
Cultural fit criteria
  • Have excellent interpersonal and influencing skills and a positive approach (25%)
  • Have the people skills to work with senior stakeholders to secure access to people in their working environment (30%)
  • Values and behaviours in line with MOD core values (45%)
  • Weightings given above will be used at both the shortlisting and evaluation phase
Payment approach Fixed price
Assessment methods
  • Written proposal
  • Work history
Evaluation weighting

Technical competence

70%

Cultural fit

10%

Price

20%

Questions asked by suppliers

Questions asked by suppliers
Supplier question Buyer answer
1. What current existing architecture is in place, in regards to the Hadoop architecture. The Hadoop architecture uses the HORTONWORKS DATA PLATFORM (HDP)
2. What is the current technology stack that is in place. The technology stack includes, but is not limited to:
-Hortonworks Data Platform (HDP)
-Hortonworks Dataflow (HDF)
- Red Hat Linux
-FreeIPA
-Apache Knox
-Apache NiFi
-Kerberos
-Ranger
3. In what capacity will training be provided? E.G Classroom Training should be provided at user's location. Training should be a mixture of group sessions and hands on training at a user's desk.
4. What core hours will be required to support this project, both at Corsham, and London. In Corsham, the supplier can organise their time as they see fit to accomplish the task (standard office hours in Corsham are 0900 to 1700). When the supplier is in London (one or two days a week) providing briefs/updates etc. they should provide availability between 0900 to 1700.