Her Majesty’s Passport Office

Her Majesty's Passport Office - Information Assurance Architect

Incomplete applications: 12 (9 SME, 3 large)

Completed applications: 10 (8 SME, 2 large)

Important dates

Published: Wednesday 16 May 2018
Deadline for asking questions: Friday 18 May 2018 at 11:59pm GMT
Closing date for applications: Wednesday 23 May 2018 at 11:59pm GMT

Overview

Specialist role: Cyber security consultant
Summary of the work:
  • Supporting development & maintenance of Security architecture
  • Developing Information Risk Assurance Reports
  • Risk discovery, treatment & analysis
  • Technical assessments and assurance of IT products & services
Latest start date: Tuesday 5 June 2018
Expected contract length: 24 months total (initial 12 months, with a further period of up to 12 months depending on business need and performance)
Location: London
Organisation the work is for: Her Majesty’s Passport Office
Maximum day rate

About the work

Early market engagement
Who the specialist will work with: You will work as part of a Technical Design Authority who are responsible for specific domains.
They will need to collaborate closely with delivery teams in a multi-supplier environment.
HMPO is moving from a large outsourced SI arrangement to in-house, largely cloud-based and open-source-based solutions delivered iteratively. Legacy technologies include Oracle and Tibco. The strategic technology stack is based on a microservices architecture including Java, Node.js, ELK, Postgres, MongoDB, AWS, Puppet and Chef.
What the specialist will work on: The resource will be required to:
1. Ensure that the security controls or other counter-measures they specify to mitigate, minimise, or treat discovered risks are pragmatic (in order to meet the requirements of the business), appropriate (i.e. commensurate with the classification and sensitivity of information assets) and cost effective (whilst appropriately technically mitigating threats to assets).
2. Lead information assurance activities against solution designs to ensure they are appropriately secure.

Work setup

Address where the work will take place: London, Westminster
Working arrangements: Typically on-site with the wider team and clients in an Agile environment. Some site visits. Confluence, Jira and Ardoq are the tools used to track progress against deliverables.
Security clearance: SC Clearance is required. HM Passport Office will support the clearance process.

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Have a proven track record of risk assessing and assuring cloud-based architectures for large and complex organisations, ensuring information assets are securely managed
  • Have an in-depth understanding of cloud-based and traditional security technologies and an in-depth understanding of security-specific protocols (e.g. TLS, Kerberos and SAML)
  • Experience with using attack tree methods for conducting risk assessments
  • Have an in-depth understanding of an outcome-based approach to risk identification, management and mitigation using techniques such as risk trees
  • Good understanding of identity management and identity lifecycle management
  • Hold CCP IA Architect and LCCP
Nice-to-have skills and experience
  • Experience of Home Office/HMPO systems or similar government operational systems
  • Experience of GDS best practices

How suppliers will be evaluated

How many specialists to evaluate: 3
Cultural fit criteria
  • Work as a team with our organisation and other suppliers
  • Be transparent and collaborative
  • Be comfortable standing up for their discipline
  • Have a no-blame culture and take responsibility for their work
Assessment methods: Work history
Evaluation weighting
  • Technical competence: 65%
  • Cultural fit: 15%
  • Price: 20%

Questions asked by suppliers

1. Supplier question: Is this the same task that was removed yesterday? What is the IR35 status? Is there a current incumbent?
   Buyer answer: Yes - Minor changes to the skills and summary section. We expect this engagement to be outside IR35, however status is assessed on a case-by-case basis. There is currently an incumbent in the role.
2. Supplier question: Please can you confirm if there is an incumbent in this position? If so, is the incumbent looking to leave or will they be re-tendering for this position?
   Buyer answer: There is currently an incumbent in the role.
3. Supplier question: Can you confirm if this role has been assessed as inside or outside of IR35?
   Buyer answer: We expect this engagement to be outside IR35, however status is assessed on a case-by-case basis.
4. Supplier question: Can you confirm if this role is inside or outside of the IR35 regulations?
   Buyer answer: We expect this engagement to be outside IR35, however status is assessed on a case-by-case basis.
5. Supplier question: Is this a new requirement or is there an incumbent in place?
   Buyer answer: There is currently an incumbent in the role.
6. Supplier question: Can you confirm that the Lead CCP is for the Security & Information Risk Adviser (SIRA) role, as this is not listed? If not, to which IA role does it relate?
   Buyer answer: That is confirmed; it is for a lead SIRA role.
7. Supplier question: Can you clarify the qualification required: "Hold CCP IA Architect and LCCP"? Does the architect no longer need to be a lead? In which qualification discipline is LCCP referring to?
   Buyer answer: This refers to the NCSC CCP scheme; LCCP refers to a SIRA.
8. Supplier question: Can the Authority please confirm what is meant by "hold LCCP"?
   Buyer answer: It is referring to a SIRA.
9. Supplier question: Can the Authority please confirm whether 'Lead CCP' is a requirement?
   Buyer answer: It is referring to a SIRA.