Joint Cyber Unit, Part of Information Systems & Services in the Ministry of Defence

Joint Cyber Unit Capability Development and Integration Support

Incomplete applications

8
Incomplete applications
5 SME, 3 large

Completed applications

12
Completed applications
5 SME, 7 large
Important dates
Opportunity attribute name Opportunity attribute value
Published Wednesday 12 December 2018
Deadline for asking questions Wednesday 19 December 2018 at 11:59pm GMT
Closing date for applications Wednesday 26 December 2018 at 11:59pm GMT

Overview

Overview
Opportunity attribute name Opportunity attribute value
Summary of the work Client-Side support is required to provide a mix of business analyst and enterprise architecture support to JCU.

The work includes Use Case refinement, business process development, technical design and knowledge transfer to support development, implementation and transformation activities within JCU.
Latest start date Monday 28 January 2019
Expected contract length 6 months with options to extend for a further 1.5 months (pending financial approval)
Location South West England
Organisation the work is for Joint Cyber Unit, Part of Information Systems & Services in the Ministry of Defence
Budget range Up to £200000 (Inc VAT and T&S)

About the work

About the work
Opportunity attribute name Opportunity attribute value
Why the work is being done JCU protects the MoD infrastructure through a set of Defensive Cyber Operations (DCO) tools. The network structure and the data sets that will be provided to JCU are changing. Current DCO tools will not be able to hold and analyse this data. Subsequently, the CySAFA project is transitioning data feeds/service to a modular, loosely coupled architecture in support of legacy tools.

JCU’s defensive capability is also evolving with the delivery of CSOC and the provision of Microsoft security tooling.

As a result, JCU is undergoing a major transformation, both in terms of business processes and defensive cyber tooling.
Problem to be solved Additional support is urgently needed to enable the transformation occurring within JCU in response to the change in defensive cyber tooling and business processes. This will allow JCU to conduct DCO at the scope and scale required to achieve Defence outputs.

There is a requirement for client-side support to the existing crown servant/military team to enable JCU transformation activities, specifically focused around CSOC, CySAFA and E5 Security Modules. This task requires skills within both enterprise architecture and business analysis.
Who the users are and what they need to do Ministry of Defence – Joint Forces Command. (Corsham).

JCU (Cor) require support to enable the JCU transformation activities detailed above.
Early market engagement N/A
Any work that’s already been done Use Case Refinement
Use Case development and validation process developed. Generation and refinement of M365 Use Cases and the relation to the wider enterprise has been initiated.

Business Process Development
Knowledge Management and CySAFA IDAM processes captured. New business processes developed to support use and management of the newly designed and implemented CSOC knowledge base. A working Risks, Assumptions, Issues, Dependencies and Opportunities log capturing opportunities for business process and capability enhancement relating to E5 tooling has been established.

Knowledge Transfer
Use case creation, defence policy and technical subject knowledge transfer in progress.
Existing team The existing team consists of crown servants and military personnel who have a wide range of functions and skillsets.
Current phase Discovery

Work setup

Work setup
Opportunity attribute name Opportunity attribute value
Address where the work will take place MOD Corsham, Westwells Road, Corsham, Wiltshire SN13 9NR
Working arrangements The successful supplier team will work from MOD Corsham. It is not possible to deliver the necessary outputs if expertise are not available on site.

The successful supplier team may also need to travel to other MOD locations to complete elements of the work
Security clearance DV Clearance must be in place prior to the contract starting due to the projects the team are required to work with.

The Authority WILL NOT sponsor DV Clearance, it must be in place and remain valid for the duration of the contract.

Additional information

Additional information
Opportunity attribute name Opportunity attribute value
Additional terms and conditions • Bid Responses to be submitted on the templates provided and in Microsoft Office Excel/Word 2016 format only
• Due to Christmas leave period, we aim to evaluate Stage 1 (shortlisting) w/c 07th Jan and aim to contact suppliers with results w/c 14th Jan, however all suppliers will be informed if these dates change
• T&S will be paid based on receipted actuals and in compliance with MoD Policy, no other expenses are permitted
• Suppliers must use the Authorities Purchase to Payment Tool called CP&F or be prepared to sign up to the tool

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Skills and experience
Opportunity attribute name Opportunity attribute value
Essential skills and experience
  • Experience of helping organisations achieve an enterprise level view in order to support the delivery of complex projects
  • Experience of working with stakeholders to assess and implement business processes, governance arrangements and ways of working in relation to defensive cyber operations
  • Experience within ISS and of ongoing defence projects relating to the operation and enhancement of the MOD core networks
  • Extensive understanding of cyber threats particularly in the context of a large government department with users spread both globally and at differing security tiers
  • Understanding of wider defence initiatives and dependencies on the delivery of cyber defence
  • Understanding of DCO Operations in the context of defending the MoD enterprise
Nice-to-have skills and experience
  • Demonstrable and relevant experience of undertaking knowledge transfer
  • Have ability to think creatively and can articulate innovative ideas to solving complex business and ICT problems
  • Ability to present and articulate technical risks in a business context
  • Understanding and experience of working with HMG/ MOD policies including JSP 440 and 604

How suppliers will be evaluated

How suppliers will be evaluated
Opportunity attribute name Opportunity attribute value
How many suppliers to evaluate 3
Proposal criteria
  • Documented evidence of essential skills (10%)
  • Documented proposed approach and methodology (10%)
  • Clear evidence on Proposal template (limited to the 6 pages and 2000 words), and CV’s which are not included within word count and can be sent as separate attachments (10%)
  • Detailed resource plan (10%)
  • Estimated timeframes for the work (5%)
  • Confirmation of existing clearances (5%)
Cultural fit criteria
  • Must be able to work in a mixed team of Military, MoD Civil Service and industry partners (5%)
  • Have excellent interpersonal and influencing skills and a positive approach (5%)
  • Ability to transfer knowledge and upskill staff (5%)
  • Values and behaviours in line with MoD core values (5%)
Payment approach Fixed price
Assessment methods
  • Written proposal
  • Case study
Evaluation weighting

Technical competence

50%

Cultural fit

20%

Price

30%

Questions asked by suppliers

Questions asked by suppliers
Supplier question Buyer answer
1. Can the authority please confirm the IR35 status of this requirement The intermediaries legislation does not apply to this engagement.
2. The requirement states "may need to travel to other MOD locations" can the authority please clarify is this will also include overseas locations. The Authority can confirm that no overseas travel will be expected.
3. We note that the deadline is 26th December 2018 which is a Bank Holiday. Is there any possibility of moving this deadline by a week until 2nd January 2019? The deadline is automatically set to two weeks by the Digital Marketplace and it cannot be altered, therefore the deadline must remain as 26th December 2018.
4. Will performance in this contract preclude performance in the CySAFA Next Generation contract to be let in 2019? Suppliers will not be precluded for bidding for future CySAFA opportunities. MOD will allow a supplier to operate on both the client and supply side providing that an actual or potential Conflict of Interest (COI) can be satisfactorily managed to avoid any unfair distortion in competition. Where potential or actual COI are identified, the supplier will be given the opportunity to demonstrate how this can be mitigated and resolved. Should the COI not be able to be satisfactorily managed and a fair and open competition undermined, the supplier may be excluded from the competition.
5. Will performance in this contract preclude performance in the CySAFA Next Generation contract to be let in 2019? Suppliers will not be precluded for bidding for future CySAFA opportunities. MOD will allow a supplier to operate on both the client and supply side providing that an actual or potential Conflict of Interest (COI) can be satisfactorily managed to avoid any unfair distortion in competition. Where potential or actual COI are identified, the supplier will be given the opportunity to demonstrate how this can be mitigated and resolved. Should the COI not be able to be satisfactorily managed and a fair and open competition undermined, the supplier may be excluded from the competition.
6. Will this be a T&M based contract? If not, what are the deliverables? As per the advert, this is a Fixed Price contract not T&M. The expected deliverables for this work are highlighted throughout the advert and down selected suppliers are required to provide further information around how they will achieve these deliverables in Stage 2 of the competition.
7. Are outputs to be delivered using specified process tools? If so, what are these tools? The Authority can confirm we do not use any specified process tools for the listed outputs.