Awarded to PA Consulting Services Limited (UK)

Start date: Monday 3 December 2018
Value: £145,000
Company size: large
Department for Business, Energy and Industrial Strategy

Map of Interdependencies across Civil Nuclear Sector

6 Incomplete applications

4 SME, 2 large

12 Completed applications

6 SME, 6 large

Important dates

Published
Tuesday 14 August 2018
Deadline for asking questions
Tuesday 21 August 2018 at 11:59pm GMT
Closing date for applications
Tuesday 28 August 2018 at 11:59pm GMT

Overview

Summary of the work
To scope, develop and populate a tool that maps the supply chain of the civil nuclear sector. Illustrating dependencies whilst drawing out aspects of commonality or trend themes. We have no specific format in mind, but are looking to providers to develop the best way of showing the information.
Latest start date
Sunday 30 September 2018
Expected contract length
4 months
Location
London
Organisation the work is for
Department for Business, Energy and Industrial Strategy
Budget range
The department expects this work to cost between £130,000 and £160,000 excluding VAT.

Contractors should provide a full and detailed breakdown of costs (including options where appropriate). This should include staff (and day rate) allocated to specific tasks.

About the work

Why the work is being done
Objective 1 of the BEIS Civil Nuclear Cyber Security Strategy is to deliver an understanding of the cyber vulnerabilities across the sector. In order to deliver this objective we require a comprehensive understanding of the supply chain, to identify organisations that provide cyber solutions to the sector, and to ensure that cyber risks within the supply chain itself are managed effectively. The complexity of the civil nuclear supply chain, spread across generation, enrichment and decommissioning, makes this a challenging exercise. To facilitate delivery of the strategy, and related NCSC work, the project will need to be completed by January 2019.
Problem to be solved
We are seeking to improve our understanding of the landscape of the sector by establishing and populating a tool that, utilising open source data as well as other sources, maps the supply chain structure of the civil nuclear sector. Ideally there will be a method of keeping this tool up to date beyond contract length. This product and information will be owned by BEIS.
Who the users are and what they need to do
As HMG, we need to be able to access this tool locally and easily, so that we can easily read and understand the interdependencies of the civil nuclear sector. Other stakeholders should also be permitted local role based access, such as ONR, NCSC and CPNI.
Early market engagement
Any work that’s already been done
Existing team
The supplier will be working with the civil nuclear cyber security team in BEIS who will manage the contract. The supplier will also need to work with teams in the National Cyber Security Centre and the Office for Nuclear Regulation. Engagement with the BEIS Design Authority and Industry Trade Bodies (DISA and NIA) may be required.
Current phase
Not applicable

Work setup

Address where the work will take place
Work will take place at BEIS offices (central London) and the supplier site as required.
Working arrangements
The team will be involved in regular calls or meetings to update the department on progress. The department will not cover expenses and do not require the team to work onsite. As part of the work we would like to see a milestone breakdown for the project, including a prototype viewing, early on to agree on proposal.
Security clearance
Relevant members of the team must be, at least, SC cleared.

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Experience designing tools for uses of mixed digital literacy
  • Ability to hold, and experience in handling, information classified at SECRET.
  • Experience of data analysis and presentation
  • Ability to provide an ongoing service contract, if required.
Nice-to-have skills and experience
Demonstrate a familiarity with the nuclear sector

How suppliers will be evaluated

How many suppliers to evaluate
3
Proposal criteria
  • Technical Solution
  • Approach and methodology
  • How the approach or solution meets user needs
  • How they’ve identified risks and dependencies and offered approaches to manage them
Cultural fit criteria
  • Work as a team with our organisation and other organisations
  • Take a collaborative and sharing approach, actively seeking input from colleagues and stakeholders
  • Challenge the status quo
  • Be inventive with their ideas for developing this tool.
Payment approach
Capped time and materials
Assessment methods
  • Written proposal
  • Presentation
Evaluation weighting

Technical competence

60%

Cultural fit

10%

Price

30%

Questions asked by suppliers

1. Can you elaborate on the split of onsite work (at BEIS) and offsite (at suppliers site)? Would a supplier based outside of London be acceptable?
The majority of the work will be carried out offsite. The times that the supplier will need to come to BEIS would be to show their 'prototype' and to give updates on the work accordingly. Depending on how the project is run, they may be required to come into BEIS at regular intervals. It is because of this uncertainty that we require suppliers to be able to easily come into London regularly, if need.
2. Are you able to share any detail around how you estimated the budget to be 130k to 160k?
We have based this range from work conducted for other government departments on a very similar problem in different sectors.
3. Do you have a requirement to follow the Government's Digital Service Standard (e.g. Agile Discovery, Alpha, Beta)?
Yes, that is the purpose of the prototype showing near the start of the contract. After we see this prototype and agree that it is what we require then that is deemed the "Alpha" stage moving into "Beta".
4. What existing data does the authority hold in relation to the civil nuclear supply chain?
There is data held by the regulator, the Office of Nuclear Regulation, in the form of the List N database in the relation to sensitive nuclear information.
5. What factors in the authority believe drive the increased classification of Civil Nuclear supply chain data?
Some of the information may have a classification that requires an SC clearance level.
6. Does the BEIS have a database (or access to) with data of part numbers / systems that you want to map, along with the associated Tier 1 suppliers (that’s one level below the prime contractors) for the civil nuclear supply chain ?
The department can provide information relevant, where it exists and where access is allowed.
7. Is the task to map the civil nuclear supply chain, then identify cyber security providers. Or is the task to focus only on the cyber security providers within the civil nuclear supply chain and map these?
The task is to map the civil nuclear supply chain in full. We require all points, or as much as possible, from the entire supply chain to be identified, we do not just want the cyber security providers identified.
8. What is the approx. order of magnitude of the part numbers and Tier 1 suppliers that will need to be mapped?
The department is keen to understand what order of magnitude of the supply chain is possible to map.
9. Would the use of an existing COTS solution (with configuration) via GCloud be considered as an option or must BEIS have ownership of the product?
If this relates to a commercial and off the shelf product than that is fine. It is key however that BEIS own the data and there is a method of keeping the data updated after contract end and for the future.