This opportunity is closed for applications

The deadline was Thursday 29 November 2018
Home Office

THEMIS SOA Framework implementation and DevOps pipeline development

22 Incomplete applications

16 SME, 6 large

27 Completed applications

16 SME, 11 large

Important dates

Thursday 15 November 2018
Deadline for asking questions
Thursday 22 November 2018 at 11:59pm GMT
Closing date for applications
Thursday 29 November 2018 at 11:59pm GMT


Summary of the work
The Home Office require architecture and software development services that will support creation of a Service Oriented Architecture application framework and DevOps pipeline for a new intelligence system for the Law Enforcement Community.
Expertise will be required in Service Design, Solution Architecture, Systems and Software Engineering and DevOps.
Latest start date
Thursday 31 January 2019
Expected contract length
2 years, with a potential additional period of up to 6 months for exit assistance/transition.
Organisation the work is for
Home Office
Budget range

About the work

Why the work is being done
Home Office that is seeking to replace an intelligence capability that is vital to the UK Law Enforcement Community.

Operations are currently conducted using large monolithic solutions for the management, storage and analysis of intelligence.​ One of these is nearing end of supportable life.

The replacement capability will be developed using a multi-vendor supply chain that delivers greater speed of change and reduced operating cost.

The purpose of this requirement is to deliver the enabling framework that enables integration and interaction between applications as well as establishing and operating a DevOps pipeline that will support the introduction of new capabilities.
Problem to be solved
As part of establishing a new service based on a modular and extensible Service Oriented Architecture, the customer is seeking a modular framework platform that delivers mediation and performance management between replaceable applications and supporting services.

The framework is critical to ensuring that standardised services are exploited across the system as well as providing key data that supports performance management in a multi-vendor environment. The framework is envisaged to be built from technology that minimises licensing costs and utilises industry standard interfaces by default.
Who the users are and what they need to do
The THEMIS Service Owner Group represent the Law Enforcement Organisations that are the operational users of the service. The supplier will work closely with the THEMIS Product Owner who has responsibility for managing and coordinating delivery.

The users require a collaborative approach to the development of THEMIS, leveraging the skills and expertise of suppliers in the design and incremental delivery of the THEMIS solution.
Early market engagement
Any work that’s already been done
The project has delivered an initial THEMIS architecture model that articulates the key elements of the THEMIS system as well as some key architecture principles informed by a proof of concept.

Significant user engagement across all stakeholder organisations has taken place that has helped to define the user facing services at varying degrees of detail. The findings have been captured as user stories, non-functional requirements and specific information packs.

Approaches to transition, governance, sustainment and acquisition have been developed in collaboration with operational users, including an outline delivery roadmap that considers commercial and technical dependencies and project deadlines.
Existing team
The Authority is currently supported by a D&A function who are developing the THEMIS architecture, solution design and roadmap. The role of the D&A Function supplier may be competed within the next six months.

Should this occur, the delivery of the D&A function and the provision of the framework services will be subject to exclusion. This means that the supplier of the framework services will not be considered to provide support to the design and architecture function. Bidders should take this into account when deciding whether or not to bid for framework services supplier role via this DOS3 opportunity.
Current phase
Not applicable

Work setup

Address where the work will take place
The work will take place in proximity to Home Office (2 Marsham Street) in London. Work may be required at other locations nationally from time to time.
Working arrangements
We expect team(s) to reflect the roles and capabilities listed in the Essential Skills section.

Only core team member(s), e.g. Architects, will typically be expected to be on site at least 3 days/ week, although this will depend on the nature and volume of work being delivered through the contract duration.

Solution development may take place remotely from the defined location.

Suppliers are required to participate in collaborative planning involving the wider THEMIS supply chain for each delivery increment/timebox.

Integration and testing will require the successful supplier to coordinate activities with other THEMIS suppliers.
Security clearance
SC level clearance is required for core Supplier staff working under the proposed contract.

There is potential for staff without SC clearance to partake in the development of components of THEMIS where agreed with the Authority.

Additional information

Additional terms and conditions
1. The successful Framework Supplier will not be considered in future competitions to resource the THEMIS D&A function.
2. Unless agreed, Home Office will retain ownership of the Intellectual Property Rights (IPR) created during the contract.
3. Travel and Expenses will not be paid within the M25.
4. Key Supplier staff included in proposals will be expected to work on the contract.
5. Home Office reserves the right to agree fixed price Statements of Work where considered prudent; the Supplier shall not unreasonably withhold its agreement to such requests made by the Home Office.
6. Sub-contracting is permitted.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Demonstrate experience of successful agile/iterative delivery and deployment into live service.
  • Demonstrate experience of architecting SOA-based frameworks.
  • Demonstrate experience of delivering and sustaining SOA-based frameworks.
  • Demonstrate expertise in Open Source technologies.
  • Demonstrate expertise in API gateway, mediation and business process engine technologies.
  • Demonstrate expertise in DevOps and CI/CD pipeline management.
  • Demonstrate experience in environment management, automated testing, and release management.
  • Demonstrate experience of coordinating successful agile development across multiple supplier teams to provide an integrated solution.
  • Provide evidence of the ability to provide a core team of SC-cleared resources to mobilise quickly and scale-up/down as required.
  • Demonstrate experience in testing and performance monitoring and capacity management of software components.
Nice-to-have skills and experience
  • Demonstrate experience of working in a challenging, complex and regulated environment.
  • Provide evidence of Law Enforcement domain expertise.

How suppliers will be evaluated

How many suppliers to evaluate
Proposal criteria
  • Approach and Methodology
  • Value for Money
  • Ability to plan and anticipate for risks and provide potential mitigations
  • Team structure and composition (including CVs, technical skills, and core staff)
Cultural fit criteria
  • Work as a team with our organisation and other suppliers
  • Have a no-blame culture and encourage people to learn from their mistakes
  • Share knowledge and experience with other team members
  • Be transparent and collaborative when making decisions
Payment approach
Time and materials
Assessment methods
  • Written proposal
  • Case study
  • Work history
  • Reference
  • Presentation
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. Is there a full Statement of Work which can be shared?
We are developing a full Statement of Work, which will be issued to the Bidders who proceed to the Assessment stage.
2. May we know what vendor products were used within the proof of concept, and whether any selections have so far been made around your chosen API gateway, business process engine, integration tooling etc.? Thanks.
A proof of concept has been developed which was functionally and architecturally representative enough to illustrate the general concept and some of the mechanisms by which we intend to manage component replacement.
It used the following technologies for ease of prototyping rather than necessarily their fit for production use in THEMIS

API Gateway – ws02 (used elsewhere in HO)
BPM – Camunda
Forms and entity capture – Drupal 7 with REST wrappers implemented in Apache Camel
Knowledge Mgt- Confluence
LDAP repo – Active Directory
Service registry – custom java
EA/Solution Modelling – Sparx Enterprise Architect w. Archimate 3
3. Please could you tell us what THEMIS refers to please? Is it an internal project name / or another supplier?
THEMIS is an internal project name.
4. "Demonstrate expertise in API gateway, mediation and business process engine technologies.'' – what kind of technologies are HO already using / what technologies do we need to provide evidence on?
We currently have a POC which uses a combination of WSO2 products and Apache Camel.
What we are looking for is general experience of managing the lifecycle of APIs, mediation between different message versions and formats, from both a governance and runtime perspective.
We recognise that there are variations in how different products achieve this, but this question is more about demonstrating background understanding of the issues associated with managing APIs with multiple consumers which change throughout the lifetime of the delivery.
5. Can you provide more details of the technology stack that has been recommended by the current architecture? Is it Java, Jenkins for example?
THEMIS aims to integrate best-of-breed technologies for each of its modules, focusing on using open-source and open-standards.

Currently we plan to re-use an API gateway and Identity provider which use OAUTH/SAML2/JWT, implemented in WS02, but will consider using open-source or low-cost alternatives.

For BPM, the current prototype uses Camunda, but this is an early de-risk rather than a fixed product selection.

We expect to implement the UX-framework in Vue JS, but we intend to review this decision with the selected supplier.

We wish to explore options for automated-test and continuous-integration tooling with the selected supplier.
6. We understand the successful framework supplier will be excluded from the design works. However, will the successful framework supplier be excluded from future services bids/opportunities?
The successful framework supplier will only be excluded from the Design & Architecture service for THEMIS. The framework supplier is expected to contribute heavily to the design of THEMIS, working with the Design & Architecture service.

The framework supplier will be free to apply for other future THEMIS opportunities, including competitions for business applications/services for THEMIS, subject to the usual conditions regarding the avoidance of conflicts of interest.
7. Would you be happy to see more than one illustrative example offered for a given skill & experience area (e.g. evidence of using specific technologies, etc.) if available and where relevant?
8. ‘’Demonstrate expertise in Open Source technologies’’ – what kind of Open source technologies are you referring to?
We believe that this question has already been answered when responding to previous questions.
9. Are there specific SOA frameworks you are considering?
We have used the open group SOA reference architecture to categorise our services but are open to further discussion on implementation.
10. Are you open to the option of considering microservices instead of SOA?
We believe that microservices are a valid interpretation of SOA. We perceive this problem to involve orchestration rather than choreography and use of rest rather than SOAP interfaces.
11. "Demonstrate expertise in API gateway, mediation and business process engine technologies’’ – What do you mean by ‘’Mediation and business process engine technologies’’?
Mediation services would be used to convert between different versions of messages passed between services. Process engine refers to tools for the execution of process specifications in BPMN.
12. What is your understanding of mediation or are you thinking along the lines of an enterprise service bus?
Mediation services would be used to convert between different versions of messages passed between services. Process engine refers to tools for the execution of process specifications in BPMN. The techniques are the same but may not necessarily require an ESB.
13. What does D&A stand for?
D&A stands for Design and Architecture.
14. We want to ensure we can provide the best cultural fit by considering the following:
• IP strategy
• How can both parties benefit further from the outcomes?
• What is your vision for ‘what happens afterwards’?
• What is your preferred style?
Could I ask that you share the vision of ‘what good looks like’ relative to the above points, and more generally, to the Home Office?
As indicated in the DOS advertisement, the default position is that all IP created under the proposed contract would vest in the Crown, but we are willing to consider other positions on a case-by-case basis for individual elements of IP.

The intention is not to limit the legitimate exploitation of the IP generated, but any such exploitation (under license) would need to consider that Home Office would have funded the development of this IP.
15. You mention a ‘’D&A function supplier’’ – could you tell us who this is?
The D&A function is currently being delivered via a client-side support arrangement involving multiple specialist subject matter experts. The sourcing arrangements for this function may be reviewed in the near future, considering the various sourcing routes open to the Home Office, including DOS3.
16. Is there an incumbent supplier, (if so, who is it please)?
THEMIS is expected to replace (and enhance) an existing capability. The Home Office does not consider the identity of the supplier of this existing capability to be relevant to a potential bidder's decision on whether or not to apply for this opportunity.
17. ‘’Demonstrate experience in environment management..’’ – are you looking at hosting on Public / Private cloud?
We are open to any solutions that are consistent with the constraints of the classification and that meet the other requirements (e.g. integration testing with components from multiple suppliers).
18. Are you currently managing persistent or static environments?
Although not explicitly precluded, it is not likely that the environment used for the current proof of concept will be used for the development of the framework.
19. When working off site, must this be from a suitably secure location?
It is expected that all components of the framework for the system will be OFFICIAL SENSITIVE or OFFICIAL. It will be necessary to handle all designs, software and related information in an appropriate manner for the classification.