1. 1. Under security clearance you have mentioned that it's sufficient if one member has SC clearance. Can we assume that for any other team members that may be working remotely or in client premises do not require any form of security clearance?
We confirm that one team member holding CTC or SC clearance is the minimum requirement. Other team members can gain access to client premises via visitor day passes, as required for workshops and meetings. Suppliers should note we are not able to provide continuous working space at client premises.
2. Due to the criteria on the GDS standard, most newer SMEs will have trouble providing experience in passing such assessments. Will experience on implementing the same criteria for commercial clients be considered as applicable?
Passing the assessments set out in the GDS service standard will be a vital success factor for the work, so we must be confident that the supplier will understand and pass these assessments. We draw suppliers' attention in particular to section 7 - Understanding security and privacy issues. Suppliers without experience of working directly with the GDS service standard must evidence their experience of meeting industry and professional standards that are equivalent to this standard. Such evidence must show that previous work has demonstrated knowledge of and validation against industry best practice standards, not merely meeting clients' own specifications.
3. Please can you provide a link to the detailed Discovery outcomes report so that we can better understand the requirements for Alpha?
(Question will be repeated as the answer is in two parts)
Discovery outcomes (part 1):
An engaged project group of representative government departments collaborated to define and test the proof of concept. We expect the alpha-private beta user group will comprise around ten departments.
The project group agreed a risk model that defines business logic for capturing content in order to evaluate different types of risk. This model comprises a sequence of user attribute selections and keyed content to return scores.
Proof of concept testing emphasised the need to optimise usability, particularly presenting a logical user experience minimising repetitive input. Data inputs and outputs must be designed as an end-to-end process.
4. Please can you provide a link to the detailed Discovery outcomes report so that we can better understand the requirements for Alpha?
(Question will be repeated as the answer is in two parts)
Discovery outcomes (part 2):
We have captured user stories for various personas including managers/administrators who will input data and those using the outputs.
We have specified a target set of types of information collection in scope.
The high level requirements are that the service:
✦Presents the risk model for inputting and testing
✦Produces reports and data visualisations
✦Enables analysis of risks and information collections
✦Enables the re-use and export of outputs easily in other file formats
✦Meets government requirements regarding technical and security standards
✦Enables capture of updates when auditing information collections
✦Enables inter-department collaboration and data sharing
5. Have you looked at existing cloud based services that provide these user needs on G-Cloud?
The client team does not currently have the capacity to configure or modify SaaS offerings from the G-cloud framework.
DOS3 suppliers are welcome to respond to this call and provide details of how G-cloud framework services could be configured or modified to meet our requirements.
6. Are you able to share any detailed dashboard requirements and associated functional and technical specifications developed to date?
We do not have detailed requirements and associated functional and technical specifications at this time.
7. "Provide evidence of experience of working with user groups in different operating environments, for example MS Office 365 and Google G-Suite (2 points)" – Is this expertise in terms of integrating the solution to work with these environments or allowing users who work on these environments to access this solution for example with SSO?
We do not envisage integrating the solution to work with MS 0ffice 365 or Google G-Suite. We think the optimal solution will be a service accessed via a browser. However our target user groups work in both of these operating environments, their user experiences in common use cases are likely to differ and they may use different terms to refer to information collections. We would therefore have more confidence in working with a supplier who can evidence delivering a service into multiple organisations or business units that work locally on both of the dominant office environments.
8. Have you already made a selection technologies/tools that will be used in developing the solution?
If not, is the technology selection (with UK gov standards) up to the supplier to determine?
No, we have not made a selection of technologies/tools that will be used in developing the solution.
We envisage that the optimal solution will be a service accessed via a browser, and will not involve integration of the solution into local operating systems. As stated in the opportunity, "We invite proposals that are delivered as SaaS, deploy bespoke or open source code, customised commercial software, or any combination of these." Any proposed solution must meet government technology and service standards, with particular reference to secure access.
9. Can we know who delivered Discovery phase?
The discovery phase was conducted by the client team in collaboration with a project group representing around 12 government organisations. The outputs of this phase are summarised in previous answers (Q3/4).
10. Please can you clarify the following:
1. Does the budget include licence fees for any potential SasS type solution?
2. Can you please clarify your answer to question five on your DOS page where the subject of SaaS based solutions was raised; are you open to SaaS based solutions (that offer the correct levels of security etc)?
3. Can you break down the level of different users who will be using the system into approximate percentages – for example Viewers Only, Administrators, Data Maintenance.
4. How many knowledge and information managers, programme managers, and information management auditors will there be?
1. Yes. Proposals should specify any licence fees for year 1 in the cost and provide an indicative ongoing yearly licence cost.
2. We are open to SaaS based solutions that meet government technology, service delivery and security standards.
3/4. We envisage that the user types/numbers could be:
12 knowledge and information managers (alpha testers)
24 stakeholders to review outputs
6 technology/security advisory group
Beta (approximate numbers)
50 knowledge and information managers (beta testers)
250 stakeholders to review outputs
12 information management auditors
6 technology/security advisory group
100-250 government organisations
1. Have you already got “mock-ups” of the solution or would this be part of the initial discovery phase?
2. Where will the base data originate? Will it be imported by integration or by “data loading” on a regular basis? If loaded, what formats can we expect, or can we specify via a template?
3. Will an initial data migration be required and if so, please confirm that any data integrity or cleansing will be the responsibility of individual Government departments.
4. Is a public facing portal required to share this with the public or more widely within government?
1. We do not have “mock-ups” of the solution. See 'Any work that’s already been done' above and the discovery outputs summary at Qs 3&4.
2. Users will enter data by keying and making selections from preset choices.
3. No initial data migration is required.
4. No public facing portal is required. User need statements in the opportunity address the second part of this question.
12. Please can you clarify the following:
1. Will the Cabinet Office gather all the requirements for the final reports or do you expect the supplier to undertake the discovery exercise as part of the project?
2. If the supplier must undertake the discovery, how many government departments and/or agencies will need to be consulted to finalise the requirements of each?
3. Are there any security restrictions on access/viewing the data that will make up the final reports?
4. Please clarify the formats required for the reports – Printed to paper, on-screen, emailed results?
1. See A3&4 for summary of outputs from in-house discovery. More detailed discovery materials will be made available at project inception. We expect the supplier to package and provide all research, user testing, developer-commented code, and user guidance materials as fulfilment of knowledge transfer.
2. Any emergent additional work on reporting needs will be limited to the existing project group.
3. See previous answers on secure access.
4. There is currently no detailed specification of reports. Gathering user needs for outputs will be part of this work. Likely requirements will include display, print and export tabular reports and graphical charts.
13. Please can you provide details of the next steps are following this initial application i.e. deadlines for the written proposal/if there will be an interview and when?
Our preliminary plans are as follows:
Shortlist: Friday 21 Dec 18 (shortlisted suppliers will be notified that day)
Proposal deadline: Wednesday 9 Jan 19 (noon)
Evaluation: Presentations Friday 11 Jan 19 (morning)
We have set this timeline to give suppliers a full week after Christmas / New Year holidays. The plan may change depending on the number of shortlisted suppliers.
14. Can you host a call with suppliers about this opportunity where we can have a live Q&A and the discussion notes are shared on this tender ad? This has proven helpful on other DM opportunities.
We did consider this, but other demands on the limited team resources meant that that it was not possible on this occasion.
We have noted your feedback for when we next place an opportunity on the Marketplace.
15. If a supplier doesn't currently have CTC or SC clearance but are willing to get team members certified for these checks on award of the
opportunity/whilst procurement for this opportunity is underway, would you still consider them for award or do they have to have this in place right now?
Unfortunately the timescales for this work preclude suppliers seeking clearance on award.