Awarded to LA International Computer Consultants Limited

Start date: Wednesday 28 February 2018
Value: £13,608
Company size: large
Foreign and Commonwealth Office Open Source Unit

FCO cloud application security

8 Incomplete applications

6 SME, 2 large

5 Completed applications

3 SME, 2 large

Important dates

Published
Thursday 1 February 2018
Deadline for asking questions
Monday 5 February 2018 at 11:59pm GMT
Closing date for applications
Thursday 8 February 2018 at 11:59pm GMT

Overview

Specialist role
Cyber security consultant
Summary of the work
FCO require an expert to provide security for two separate cloud applications that will be used across government.
Latest start date
Thursday 1 March 2018
Expected contract length
4 - 6 weeks
Location
London
Organisation the work is for
Foreign and Commonwealth Office Open Source Unit
Maximum day rate

About the work

Early market engagement
While we have conducted user research which is guiding our development, this has been peripheral to the security requirement of the two products, which has always been seen as a necessity.
Who the specialist will work with
The specialist will be working with the FCO data science team, which sits within the FCO's Open Source Unit (OSU). There is a possibility that we will also seek help from other external experts, who will also form part of the project team.
What the specialist will work on
We require a security expert to ensure that two cloud applications we are launching (one developed in-house and one based on open source) meet the appropriate security accreditations for official government data. We anticipate that this will process will include:

- architecture advice, assessment and development support to maximise security

- providing a user authentication process

- implementing any further barriers to prevent unauthorised access

- end-to-end masking of user interactions

- compilation of necessary security accreditation documentation

We may merge these two applications further down the development process; the security arrangements must allow for this.

Work setup

Address where the work will take place
Work will be done in the FCO's London office in King Charles Street London. Some work can be done off site if the specialist wants or needs to, but the specialist must be present two days per week to enable effective discussion and decision making.
Working arrangements
We would like the individual to:
Be comfortable talking to non-technical staff and translating their requirements into technical terms
Be a good listener
Where appropriate, propose changes to processes
We would like to be able to send the specialist unaccompanied to meet technical and non-technical staff, confident that they will be respectful, productive, and represent the Digital transformation unit well.
Security clearance
FCO offices are secure buildings and the specialist will required SC clearance. The timeframe of the project will not allow sufficient time for clearance to be arranged for specialists that do not currently have it.

Additional information

Additional terms and conditions
Standard contract

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Demonstrable understanding of government cyber security requirements for official data - 20 points
  • Demonstrable experience in developing secure user authorisation and user interaction masking - 20 points
  • Demonstrable experience in producing documentation to evidence security credentials - 15 points
  • Working in an agile team to deliver software based on user requirements - 10 points
Nice-to-have skills and experience

How suppliers will be evaluated

How many specialists to evaluate
3
Cultural fit criteria
  • Demonstrable experience of working with technical and non-technical staff to understand requirements
  • Demonstrable experience of building good relationships and trust with teams both with and without departmental sponsors
  • Demonstrable expereince of quickly joining teams and understanding their needs
  • Demonstrable experience working in an agile manner
Assessment methods
Work history
Evaluation weighting

Technical competence

50%

Cultural fit

20%

Price

30%

Questions asked by suppliers

1. Is there currently, or has there recently been, an incumbent carrying out similar work for the Authority?
No
2. Can the authority please confirm whether the contract will be inside or outside of IR35?
The FCO shall consider whether a handover period can be inserted into the contract which enables the FCO to buy a service (linked to milestones and/or sprints) rather than resources, which remain inside the scope of IR35.
Further discussions shall take place on this with the successful supplier at the appropriate stage of the procurement.
3. Is there a potential to extend past the stated duration?
There is potential, but no guarantee.
4. Hello and good morning, can you please kindly provide a suggested day rate you would like for this procurement exercise? Thank you
We don’t have a specific day rate in mind. This would be dependent on the suitability of candidates.
5. "Demonstrable experience in developing secure user authorisation and user interaction masking - 20 points" Is the question referring to FCO user accessing the application or is it public facing users?
This application will be accessed by a limited number of organisations outside the FCO.
6. Grateful if you can clarify the weighting percentages as when I looked, they do not equal 100%
Thanks for flagging this to us. We have checked and can confirm that they do not equate to those weighting figures originally advertised. We have not yet confirmed but here are the provisional weightings at present.