Awarded to Actica Consulting

Start date: Wednesday 1 August 2018
Value: £840,000
Company size: SME
Metropolitan Police Service

Metropolitan Police Service Security Architecture Managed Service

5 Incomplete applications

3 SME, 2 large

17 Completed applications

12 SME, 5 large

Important dates

Friday 13 April 2018
Deadline for asking questions
Friday 20 April 2018 at 11:59pm GMT
Closing date for applications
Friday 27 April 2018 at 11:59pm GMT


Summary of the work
To provide a highly flexible, on-demand security architecture service to the Met Police across its various programmes and projects.
Latest start date
Monday 18 June 2018
Expected contract length
2 Years
Organisation the work is for
Metropolitan Police Service
Budget range
Payment will be by delivery of outcomes. However the underlying dayrates will be at public sector SFIA day rates

About the work

Why the work is being done
The Met Police is going through an extensive period of transformation. Much of this transformation is ICT focused. The Met has a number of projects and programmes where enterprise architects form a key part of the team. The aim of this contract is to deliver Infrastructure Architecture artefacts so that the Met can continue to deliver its transformation programme.
Problem to be solved
MPS Digital Policing requires additional architecture resources to deliver the change programme.
Who the users are and what they need to do
The end users are police officers and staff who need secure, dependable information systems to support policing in London.

The immediate stakeholders are the Digital Policing enterprise architecture team, project management and senior management who need high quality analysis, design and documentation, consistent with governance, to deliver major IT transformation programmes.
Early market engagement
Any work that’s already been done
Existing team
All work will be done in collaboration with the enterprise architecture team and under DPS architecture governance.
Current phase
Not applicable

Work setup

Address where the work will take place
Work will be based in the London area. Principle sites will be Empress State Building, Lillie Road, SW6 1TR and Newlands Park SE26 5NF
Working arrangements
Engagements will be managed through statements of work listing the outcomes and artefacts to be delivered. A catalogue of standard artefacts will be provided.
Security clearance
Staff will need to be cleared through Met Vetting

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Have experience operating across a breadth of information risk and security zones, offering proportionate layered approaches to controls to help to maximise risk mitigation.
  • Have knowledge to identify and articulate security controls to be applied during solution design and operation
  • Have worked in a secure environment (public or private sector)
  • Be able to demonstrate the ability to deliver on an outcomes basis
  • Have experience of presenting proposals to technical and non-technical audiences
  • Demonstrate knowledge of good practice approaches, methods and techniques for information security
  • Experience maintaining technical security standards in consultation with other organisational units
  • Experience of vulnerability management, liaising with other internal and external organisations
  • Experience in engaging with third party suppliers on security matters and working effectively in a multi supplier environment.
  • Have staff with formal qualifications in the InfoSec Training Paths and Competencies (ITPC)
Nice-to-have skills and experience
  • Experience in consultancy and advice on security requirements and secure information systems design at a strategic portfolio level
  • Experience of information security reporting in line with strategy development and delivery in partnership with the business
  • Experience of meeting security compliance and code of connection requirements

How suppliers will be evaluated

How many suppliers to evaluate
Proposal criteria
  • Please provide a statement of your understanding of the requirements accompanied by a risk profile covering both risks to the Met and to yourselves as the potential supplier (40%)
  • Please provide the process and timeline from draft Statement-of-Work to commencement of work (30%)
  • Please explain how staff can commence work quickly after the supplier is commissioned (30%)
Cultural fit criteria
  • State their account management model through the contract lifetime (10%)
  • Explain how the delivery of outcomes and artefacts will be tracked and managed (35%)
  • Explain how they will engage with the formation of new projects prior to SoW, including the proposal of new opportunities in Infrastructure (35%)
  • Demonstrate past experience of working constructively in a multi-supplier environment (20%)
Payment approach
Capped time and materials
Assessment methods
  • Written proposal
  • Case study
  • Presentation
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. The opportunity is listed as a Digital Outcome, though the skills/requirements suggest a specialist is required. Can the Authority please confirm whether they're seeking an outcome or specialist, and how many specialists are required?
The MPS is seeking the supply of security architecture outcomes that will be specified in Statements of Work under the contract. These outcomes will principally be the delivery or review of architecture artefacts during the lifetime of a project.

It is expected that the supplier's team will adapt in size to meet the commissioned workload. For guidance purposes only, the MPS anticipate an average team size of 3 people.
2. Can the Authority please confirm whether bidders are permitted to use subcontractors
Bidders are certainly permitted to use sub-contractors and/or partners. The MPS do anticipate that our primary contact is able to hold meaningful discussion around security architecture engagements and is empowered to speak on behalf of the contracting party. The contracting party will be responsible for all aspects of the work commissioned.

If the delivery of the service will be dependant on particular suppliers, the MPS will expect that relationship to be declared to the MPS.
3. Is the opportunity being assessed inside/outside IR35?
The contract will be compliant with the DOS framework and managed accordingly. The MPS will contract with the supplier for outcomes. The supplier will be expected to manage any subcontracted staff in accordance with all relevant tax law.
4. Would the Authority accept Home Office SC clearance?
The MPS will require all staff active on the contract to have undergone Met Vetting. The MPS will sponsor the suppliers staff (and associates) through this process. If staff have achieved SC then Met Vetting should not be a barrier.
5. Does the Authority require specialists to work on site full time, if so how long for? Is the work able to be carried out at the organisation's site?
We do not require full time attendance and work may be at several different sites.
It is acceptable for work to be undertaken at the suppliers site. However, suppliers will be working with sensitive data and the MPS will require that proper data protection practice is observed at all times.
6. Will other qualifications instead of ITPC be considered as equivalent (e.g. CCP, CISSP)?
Other NCSC certified or approved qualification will be accepted when appropriate to the outcome specified for a particular SoW.
7. Could you confirm the assessment method? The evaluation method is stated however the questionnaire, when submitting an application, does not cover all of this. Does the ability to provide a proposal come at a later date?
Submissions to the questionnaire will be scored to provide a shortlist. Shortlisted bidders will be invited to present a written response against some sample scenarios. These will be scored to give the preferred bidder.

When answering the questionnaire: Firstly, provide reference examples or evidence of particular activities and skills. Answers of the form ""Working for XXX, we delivered ...."" and ""Our staff are certified as XXX by organisation YYY...."" give the MPS the reason to give higher scores. Secondly, the greater the relevance of the answer to the question and the context of the MPS, will be scored higher.