Awarded to CGI

Start date: Friday 15 December 2017
Value: £283,047.20
Company size: large
Ministry of Defence

Implementation of Acuity STREAM Risk Management Tool

2 Incomplete applications

1 SME, 1 large

2 Completed applications

1 SME, 1 large

Important dates

Tuesday 3 October 2017
Deadline for asking questions
Tuesday 10 October 2017 at 11:59pm GMT
Closing date for applications
Tuesday 17 October 2017 at 11:59pm GMT


Summary of the work
Obtaining On Premises Enterprise Edition licences of Acuity STREAM

Provide architectural expertise for design/implementation into existing Hadoop architecture

Provide support for installation (pre-production/live systems), user training and integration with modular open system architecture.

Production and maintenance of the high/low level designs for the solution, ensuring alignment with wider project direction.
Latest start date
Wednesday 1 November 2017
Expected contract length
Until 31st March 2018
South West England
Organisation the work is for
Ministry of Defence
Budget range
Approval for £300k

About the work

Why the work is being done
The UK MOD, sponsored by Joint Forces Command (JFC) Cyber Joint User, has a requirement to visualise, assess and manage the cyber-related risks across the MOD enterprise in a software tool. The MOD requires an understanding of cyber risk to make informed choices on necessary courses of action set against risk threshold. In addition, the MOD requires a method of assessing compliance with standards and regulations (eg ISO 27001, JSP 892) and an ability to support compliance audit. Work must be completed by 31 March 2018.
Problem to be solved
Delivery of a Acuity STREAM Risk Management tool, with a 2 year license, which will allow 10 concurrent users. Integration with an existing MOD-owned AHE, managed access to users at multiple sites. Initial tool configuration, VDI integration and user training, integration with a modular open system architecture and exploration of data feeds that can be exploited to inform the risk. Provision of PMO function including access to Acuity professional services.
Who the users are and what they need to do
Users require access to a risk management tool to allow visualisation, assessment and managment of the cyber-related risks across the MOD enterprise.
Early market engagement
Any work that’s already been done
Existing team
The supplier will be working with a mixture of military and civil servents
Current phase
Not applicable

Work setup

Address where the work will take place
System integration and technical effort focused at MOD Corsham (ARK Datacentres, Spring Park, Westwells Road, Corsham, Wiltshire, SN13 9GB).

User support, training and requirements elicitation at MOD Main Building (Horse Guards Avenue, London, SW1A 2HB)
Working arrangements
It is expected that the supplier spend the majority of time in Corsham, but will spend 1 to 2 days per week (flexibly) with the users in London to ensure requirements are understood, to present project progress, collaboratively configure the tool and provide user training. No expenses will be paid, these should be included in a supplier's bid.
Security clearance
SC clearance, as a minimum, for all personnel involved must be in place and valid for the duration of the contract. The Authority will not sponsor new clearances or clearance renewals.

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • A proven track record in implementing Acuity STREAM (25%)
  • A proven track record in designing and implementing Hortonworks (20%)
  • Experience of delivering in an Agile (Scrum) framework (10%)
  • Have know-how of identifying and raising project dependencies, whilst working in a wider team with multiple projects in-flight (10%)
  • Familiarity with ARK Datacentres / Crown Hosting facilities (5%)
  • Weightings given above will be used at both the shortlisting and evaluation phase
Nice-to-have skills and experience
  • Previous experience of working on cyber defence projects (10%)
  • Have ability to evaluate information and present in such a way that is easily understood by the target audience, including through written and oral communication (5%)
  • Have ability to own issues and drive them to resolution. Provide direction to inform sound decisions based on business priority and technical feasibility (5%)
  • Have ability to think creatively and be able to articulate innovative ideas to solving complex business and IT problems (5%)
  • Experience working with Ministry of Defence IT systems, networks, and end user devices (MODNet, DII, RLI, SLI) (5%)
  • Weightings given above will be used at both the shortlisting and evaluation phase

How suppliers will be evaluated

How many suppliers to evaluate
Proposal criteria
  • Approach and methodology (50%)
  • Estimated team size and roles (5%)
  • High-level plan and estimated work schedule (30%)
  • Approach to demonstrating progress (15%)
Cultural fit criteria
  • Have excellent interpersonal and influencing skills and a positive approach (25%)
  • Have the people skills to work with senior stakeholders to secure access to people in their working environment (30%)
  • Values and behaviours in line with MOD core values (45%)
  • Weightings given above will be used at both the shortlisting and evaluation phase
Payment approach
Fixed price
Assessment methods
  • Written proposal
  • Work history
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. What current existing architecture is in place, in regards to the Hadoop architecture.
The Hadoop architecture uses the HORTONWORKS DATA PLATFORM (HDP)
2. What is the current technology stack that is in place.
The technology stack includes, but is not limited to:
-Hortonworks Data Platform (HDP)
-Hortonworks Dataflow (HDF)
- Red Hat Linux
-Apache Knox
-Apache NiFi
3. In what capacity will training be provided? E.G Classroom
Training should be provided at user's location. Training should be a mixture of group sessions and hands on training at a user's desk.
4. What core hours will be required to support this project, both at Corsham, and London.
In Corsham, the supplier can organise their time as they see fit to accomplish the task (standard office hours in Corsham are 0900 to 1700). When the supplier is in London (one or two days a week) providing briefs/updates etc. they should provide availability between 0900 to 1700.