Cabinet Office

Understanding Information Management Risks (Alpha / Private Beta)

Incomplete applications

13
Incomplete applications
10 SME, 3 large

Completed applications

11
Completed applications
10 SME, 1 large
Important dates
Opportunity attribute name Opportunity attribute value
Published Wednesday 5 December 2018
Deadline for asking questions Wednesday 12 December 2018 at 11:59pm GMT
Closing date for applications Wednesday 19 December 2018 at 11:59pm GMT

Overview

Overview
Opportunity attribute name Opportunity attribute value
Summary of the work Build of a dashboard service for multiple government departments to help them evaluate and mitigate information management risks, share reports, and track audits.

We invite proposals that are delivered as SaaS, deploy bespoke or open source code, customised commercial software, or any combination of these.
Latest start date Monday 14 January 2019
Expected contract length 10 Weeks
Location No specific location, eg they can work remotely
Organisation the work is for Cabinet Office
Budget range The guide budget range is £100-190k including VAT. This wide range allows for the various solution approaches that could potentially meet our requirement.

All travel, subsistence and other expenses must be included in the overall cost.

About the work

About the work
Opportunity attribute name Opportunity attribute value
Why the work is being done The work is a part of the Better Information for Better Government programme. This is a cross-government initiative led by the Cabinet Office, in partnership with The National Archives, to improve how government manages its digital information.
Problem to be solved Government carries risks due to the accumulation of digital information at scale. A common approach to understanding these risks across departments is required in order to target mitigations and investment. We envisage a service to support the generation of an Information Management Risk Dashboard.
Who the users are and what they need to do As a knowledge and information manager, I need to capture, analyse and report on risks associated with our digital information collections, so I can plan mitigation.

As a knowledge and information manager, I need to share risk reports with peers, so I can see my risks in context and collaborate/learn from others.

As a programme manager, I need to analyse and report on risk profiles of multiple government departments, so I can produce cross-government reports.

As an information management auditor, I need to capture, analyse and report on updates on digital information collections, so I can track changes.
Early market engagement
Any work that’s already been done We have completed an in-house discovery phase. This has included research and definition of user needs and project objectives. We have formed a project group representing around 12 government departments.

We have produced a risk model which describes the primary user experience and business logic for inputting to the dashboard. We have tested the inputting user experience within the project group using an Excel spreadsheet. We have reviewed the proof of concept testing to define the alpha requirement.
Existing team The Better Information for Better Government (BI4BG) team is located in the Cabinet Office (CO) working in partnership with The National Archives (TNA). It comprises a programme manager, a project lead for IM Risk Dashboard and a programme level project support lead. The supplier will interact with other digital and information management professionals in government.
Current phase Alpha

Work setup

Work setup
Opportunity attribute name Opportunity attribute value
Address where the work will take place The supplier can work from their own premises or remotely. Interactions with the client team and partner government departments will be mainly in central London.
Working arrangements The client team will provide a product owner and service owner who could participate in weekly standups in central London or remotely. We expect to have up to six face to face interactions between client and supplier teams in central London, plus a presentation and knowledge transfer event.
Security clearance The supplier team must have at least one member with CTC or SC clearance (the short timescales for the work means we will not be able to organise security clearance).

Additional information

Additional information
Opportunity attribute name Opportunity attribute value
Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Skills and experience
Opportunity attribute name Opportunity attribute value
Essential skills and experience
  • Have experience in delivering a management information dashboard service to be used by multiple organisations or business units (4 points)
  • Have experience in meeting the Government's digital service standard, including meeting multiple government departments’ requirements for secure online access to a cloud delivered service (4 points)
  • Have experience in delivering a user experience based on a detailed business logic and in presenting highly effective data visualisations (4 points)
Nice-to-have skills and experience
  • Provide evidence of understanding the principles of risk management and governance (2 points)
  • Provide evidence of experience of working with user groups in different operating environments, for example MS Office 365 and Google G-Suite (2 points)

How suppliers will be evaluated

How suppliers will be evaluated
Opportunity attribute name Opportunity attribute value
How many suppliers to evaluate 3
Proposal criteria
  • Demonstrating an understanding of our requirements (10 points)
  • Appropriate solution approach and methodology (10 points)
  • Placing emphasis on user needs (5 points)
  • Demonstrating value for money (5 points)
  • Appropriate team structure (5 points)
  • Credible timeframes for the work (4 points)
  • Identifying risks and dependencies, and offering approaches to manage them (5 points)
Cultural fit criteria
  • Demonstrate very high quality interpersonal communications, especially showing sensitivity to government departments under competing pressures (6 points)
  • Be adept at applying agile methods in the context of more traditional working practices (6 points)
  • Function in a self-starting fashion, minimising input requirements of a very small client team (4 points)
  • Be transparent and collaborative in decision making, user acceptance, and transferring knowledge (4 points)
Payment approach Fixed price
Assessment methods
  • Written proposal
  • Presentation
Evaluation weighting

Technical competence

60%

Cultural fit

20%

Price

20%

Questions asked by suppliers

Questions asked by suppliers
Supplier question Buyer answer
1. 1. Under security clearance you have mentioned that it's sufficient if one member has SC clearance. Can we assume that for any other team members that may be working remotely or in client premises do not require any form of security clearance? We confirm that one team member holding CTC or SC clearance is the minimum requirement. Other team members can gain access to client premises via visitor day passes, as required for workshops and meetings. Suppliers should note we are not able to provide continuous working space at client premises.
2. Due to the criteria on the GDS standard, most newer SMEs will have trouble providing experience in passing such assessments. Will experience on implementing the same criteria for commercial clients be considered as applicable? Passing the assessments set out in the GDS service standard will be a vital success factor for the work, so we must be confident that the supplier will understand and pass these assessments. We draw suppliers' attention in particular to section 7 - Understanding security and privacy issues. Suppliers without experience of working directly with the GDS service standard must evidence their experience of meeting industry and professional standards that are equivalent to this standard. Such evidence must show that previous work has demonstrated knowledge of and validation against industry best practice standards, not merely meeting clients' own specifications.
3. Please can you provide a link to the detailed Discovery outcomes report so that we can better understand the requirements for Alpha?

(Question will be repeated as the answer is in two parts)
Discovery outcomes (part 1):
An engaged project group of representative government departments collaborated to define and test the proof of concept. We expect the alpha-private beta user group will comprise around ten departments.

The project group agreed a risk model that defines business logic for capturing content in order to evaluate different types of risk. This model comprises a sequence of user attribute selections and keyed content to return scores.

Proof of concept testing emphasised the need to optimise usability, particularly presenting a logical user experience minimising repetitive input. Data inputs and outputs must be designed as an end-to-end process.
4. Please can you provide a link to the detailed Discovery outcomes report so that we can better understand the requirements for Alpha?

(Question will be repeated as the answer is in two parts)
Discovery outcomes (part 2):
We have captured user stories for various personas including managers/administrators who will input data and those using the outputs.

We have specified a target set of types of information collection in scope.

The high level requirements are that the service:
✦Presents the risk model for inputting and testing
✦Produces reports and data visualisations
✦Enables analysis of risks and information collections
✦Enables the re-use and export of outputs easily in other file formats
✦Meets government requirements regarding technical and security standards
✦Enables capture of updates when auditing information collections
✦Enables inter-department collaboration and data sharing
5. Have you looked at existing cloud based services that provide these user needs on G-Cloud? The client team does not currently have the capacity to configure or modify SaaS offerings from the G-cloud framework.

DOS3 suppliers are welcome to respond to this call and provide details of how G-cloud framework services could be configured or modified to meet our requirements.
6. Are you able to share any detailed dashboard requirements and associated functional and technical specifications developed to date? We do not have detailed requirements and associated functional and technical specifications at this time.
7. "Provide evidence of experience of working with user groups in different operating environments, for example MS Office 365 and Google G-Suite (2 points)" – Is this expertise in terms of integrating the solution to work with these environments or allowing users who work on these environments to access this solution for example with SSO? We do not envisage integrating the solution to work with MS 0ffice 365 or Google G-Suite. We think the optimal solution will be a service accessed via a browser. However our target user groups work in both of these operating environments, their user experiences in common use cases are likely to differ and they may use different terms to refer to information collections. We would therefore have more confidence in working with a supplier who can evidence delivering a service into multiple organisations or business units that work locally on both of the dominant office environments.
8. Have you already made a selection technologies/tools that will be used in developing the solution?

If not, is the technology selection (with UK gov standards) up to the supplier to determine?
No, we have not made a selection of technologies/tools that will be used in developing the solution.

We envisage that the optimal solution will be a service accessed via a browser, and will not involve integration of the solution into local operating systems. As stated in the opportunity, "We invite proposals that are delivered as SaaS, deploy bespoke or open source code, customised commercial software, or any combination of these." Any proposed solution must meet government technology and service standards, with particular reference to secure access.
9. Can we know who delivered Discovery phase? The discovery phase was conducted by the client team in collaboration with a project group representing around 12 government organisations. The outputs of this phase are summarised in previous answers (Q3/4).
10. Please can you clarify the following:

1. Does the budget include licence fees for any potential SasS type solution?

2. Can you please clarify your answer to question five on your DOS page where the subject of SaaS based solutions was raised; are you open to SaaS based solutions (that offer the correct levels of security etc)?

3. Can you break down the level of different users who will be using the system into approximate percentages – for example Viewers Only, Administrators, Data Maintenance.

4. How many knowledge and information managers, programme managers, and information management auditors will there be?
1. Yes. Proposals should specify any licence fees for year 1 in the cost and provide an indicative ongoing yearly licence cost.

2. We are open to SaaS based solutions that meet government technology, service delivery and security standards.

3/4. We envisage that the user types/numbers could be:

Alpha/private beta
12 knowledge and information managers (alpha testers)
24 stakeholders to review outputs
6 technology/security advisory group
6 managers/administrators

Beta (approximate numbers)
50 knowledge and information managers (beta testers)
250 stakeholders to review outputs
12 information management auditors
6 technology/security advisory group
6 managers/administrators

Live
100-250 government organisations
11. Questions
1. Have you already got “mock-ups” of the solution or would this be part of the initial discovery phase?

2. Where will the base data originate? Will it be imported by integration or by “data loading” on a regular basis? If loaded, what formats can we expect, or can we specify via a template?

3. Will an initial data migration be required and if so, please confirm that any data integrity or cleansing will be the responsibility of individual Government departments.

4. Is a public facing portal required to share this with the public or more widely within government?
1. We do not have “mock-ups” of the solution. See 'Any work that’s already been done' above and the discovery outputs summary at Qs 3&4.

2. Users will enter data by keying and making selections from preset choices.

3. No initial data migration is required.

4. No public facing portal is required. User need statements in the opportunity address the second part of this question.
12. Please can you clarify the following:

1. Will the Cabinet Office gather all the requirements for the final reports or do you expect the supplier to undertake the discovery exercise as part of the project?

2. If the supplier must undertake the discovery, how many government departments and/or agencies will need to be consulted to finalise the requirements of each?

3. Are there any security restrictions on access/viewing the data that will make up the final reports?

4. Please clarify the formats required for the reports – Printed to paper, on-screen, emailed results?
1. See A3&4 for summary of outputs from in-house discovery. More detailed discovery materials will be made available at project inception. We expect the supplier to package and provide all research, user testing, developer-commented code, and user guidance materials as fulfilment of knowledge transfer.

2. Any emergent additional work on reporting needs will be limited to the existing project group.

3. See previous answers on secure access.

4. There is currently no detailed specification of reports. Gathering user needs for outputs will be part of this work. Likely requirements will include display, print and export tabular reports and graphical charts.
13. Please can you provide details of the next steps are following this initial application i.e. deadlines for the written proposal/if there will be an interview and when? Our preliminary plans are as follows:
Shortlist: Friday 21 Dec 18 (shortlisted suppliers will be notified that day)
Proposal deadline: Wednesday 9 Jan 19 (noon)
Evaluation: Presentations Friday 11 Jan 19 (morning)

We have set this timeline to give suppliers a full week after Christmas / New Year holidays. The plan may change depending on the number of shortlisted suppliers.
14. Can you host a call with suppliers about this opportunity where we can have a live Q&A and the discussion notes are shared on this tender ad? This has proven helpful on other DM opportunities. We did consider this, but other demands on the limited team resources meant that that it was not possible on this occasion.

We have noted your feedback for when we next place an opportunity on the Marketplace.
15. If a supplier doesn't currently have CTC or SC clearance but are willing to get team members certified for these checks on award of the
opportunity/whilst procurement for this opportunity is underway, would you still consider them for award or do they have to have this in place right now?
Unfortunately the timescales for this work preclude suppliers seeking clearance on award.
The deadline for asking questions about this opportunity was Wednesday 12 December 2018.