Foreign and Commonwealth Office Open Source Unit

FCO cloud application security

Incomplete applications

8
Incomplete applications
6 SME, 2 large

Completed applications

5
Completed applications
4 SME, 1 large
Important dates
Opportunity attribute name Opportunity attribute value
Published Thursday 1 February 2018
Deadline for asking questions Monday 5 February 2018 at 11:59pm GMT
Closing date for applications Thursday 8 February 2018 at 11:59pm GMT

Overview

Overview
Opportunity attribute name Opportunity attribute value
Specialist role Cyber security consultant
Summary of the work FCO require an expert to provide security for two separate cloud applications that will be used across government.
Latest start date Thursday 1 March 2018
Expected contract length 4 - 6 weeks
Location London
Organisation the work is for Foreign and Commonwealth Office Open Source Unit
Maximum day rate

About the work

About the work
Opportunity attribute name Opportunity attribute value
Early market engagement While we have conducted user research which is guiding our development, this has been peripheral to the security requirement of the two products, which has always been seen as a necessity.
Who the specialist will work with The specialist will be working with the FCO data science team, which sits within the FCO's Open Source Unit (OSU). There is a possibility that we will also seek help from other external experts, who will also form part of the project team.
What the specialist will work on We require a security expert to ensure that two cloud applications we are launching (one developed in-house and one based on open source) meet the appropriate security accreditations for official government data. We anticipate that this will process will include:

- architecture advice, assessment and development support to maximise security

- providing a user authentication process

- implementing any further barriers to prevent unauthorised access

- end-to-end masking of user interactions

- compilation of necessary security accreditation documentation

We may merge these two applications further down the development process; the security arrangements must allow for this.

Work setup

Work setup
Opportunity attribute name Opportunity attribute value
Address where the work will take place Work will be done in the FCO's London office in King Charles Street London. Some work can be done off site if the specialist wants or needs to, but the specialist must be present two days per week to enable effective discussion and decision making.
Working arrangements We would like the individual to:
Be comfortable talking to non-technical staff and translating their requirements into technical terms
Be a good listener
Where appropriate, propose changes to processes
We would like to be able to send the specialist unaccompanied to meet technical and non-technical staff, confident that they will be respectful, productive, and represent the Digital transformation unit well.
Security clearance FCO offices are secure buildings and the specialist will required SC clearance. The timeframe of the project will not allow sufficient time for clearance to be arranged for specialists that do not currently have it.

Additional information

Additional information
Opportunity attribute name Opportunity attribute value
Additional terms and conditions Standard contract

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Skills and experience
Opportunity attribute name Opportunity attribute value
Essential skills and experience
  • Demonstrable understanding of government cyber security requirements for official data - 20 points
  • Demonstrable experience in developing secure user authorisation and user interaction masking - 20 points
  • Demonstrable experience in producing documentation to evidence security credentials - 15 points
  • Working in an agile team to deliver software based on user requirements - 10 points
Nice-to-have skills and experience

How suppliers will be evaluated

How suppliers will be evaluated
Opportunity attribute name Opportunity attribute value
How many specialists to evaluate 3
Cultural fit criteria
  • Demonstrable experience of working with technical and non-technical staff to understand requirements
  • Demonstrable experience of building good relationships and trust with teams both with and without departmental sponsors
  • Demonstrable expereince of quickly joining teams and understanding their needs
  • Demonstrable experience working in an agile manner
Assessment methods Work history
Evaluation weighting

Technical competence

50%

Cultural fit

20%

Price

30%

Questions asked by suppliers

Questions asked by suppliers
Supplier question Buyer answer
1. Is there currently, or has there recently been, an incumbent carrying out similar work for the Authority? No
2. Can the authority please confirm whether the contract will be inside or outside of IR35? The FCO shall consider whether a handover period can be inserted into the contract which enables the FCO to buy a service (linked to milestones and/or sprints) rather than resources, which remain inside the scope of IR35.
Further discussions shall take place on this with the successful supplier at the appropriate stage of the procurement.
3. Is there a potential to extend past the stated duration? There is potential, but no guarantee.
4. Hello and good morning, can you please kindly provide a suggested day rate you would like for this procurement exercise? Thank you We don’t have a specific day rate in mind. This would be dependent on the suitability of candidates.
5. "Demonstrable experience in developing secure user authorisation and user interaction masking - 20 points" Is the question referring to FCO user accessing the application or is it public facing users? This application will be accessed by a limited number of organisations outside the FCO.
6. Grateful if you can clarify the weighting percentages as when I looked, they do not equal 100% Thanks for flagging this to us. We have checked and can confirm that they do not equate to those weighting figures originally advertised. We have not yet confirmed but here are the provisional weightings at present.