Awarded to SA Group Ltd

Start date: Monday 11 February 2019
Value: £86,000
Company size: SME
Ambulance Radio Programme (ARP) on behalf of Department of Health & Social Care

Cyber Security Expert

24 Incomplete applications

22 SME, 2 large

33 Completed applications

30 SME, 3 large

Important dates

Friday 4 January 2019
Deadline for asking questions
Tuesday 8 January 2019 at 11:59pm GMT
Closing date for applications
Friday 11 January 2019 at 11:59pm GMT


Specialist role
Cyber security consultant
Summary of the work
The main purpose of this role is to be the security expert for ARP to ensure security controls and protection is in place on the communication infrastructures relating to the Ambulance Service in England and support for the Welsh and Scottish Ambulance Services where appropriate.
Latest start date
Monday 4 March 2019
Expected contract length
6 months
No specific location, eg they can work remotely
Organisation the work is for
Ambulance Radio Programme (ARP) on behalf of Department of Health & Social Care
Maximum day rate
£700 per day.

About the work

Early market engagement
Who the specialist will work with
ARP delivers critical communications to the Ambulance Service. The role requires relationships to be built and maintained with a range of security specialist suppliers, Ambulance Trusts, the Cabinet Office, Government Digital Services, the wider NHS and other emergency services.

Incumbent contract for similar work package since May 2018 is expected to expire at the end of February 2019.
What the specialist will work on
1. Implementation of ISO 27001:2013 across the solution;
2. Planning for Cyber Essentials Plus accreditation and achieving accreditation for use on the ESN infrastructure;
3. Co-ordinate the security efforts of the ARP solution 3rd party suppliers;
4. Test and approve the individual and overall Operational Security Management solutions;
5. Liaise with other Government security authorities to achieve accreditation.

Work setup

Address where the work will take place
ARP has offices in central London (Waterloo), Barnsley and Corsham. This role could be based in any of these premises.
Working arrangements
Full-time (core hours of Mon-Fri 9am-5pm) on site for face-to-face and skype meetings.
Travel expenses are at NHS Agenda for Change rates: train and accommodation, if required, will be booked and paid for by the ARP PMO.
Security clearance
Security Clearance required.

Additional information

Additional terms and conditions
Standard DOS2 Call-off Contract.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • have degree education, underpinned by experience in security management;
  • have IMT service management and/or IMT security management;
  • have experience of Government Digital Service/ Public Sector security management;
  • have a current clean driving licence.
Nice-to-have skills and experience
  • evidence Diploma in Security Management;
  • evidence a proven track record in security management within a communications field environment;
  • evidence experience in testing communication technologies in operational environments.

How suppliers will be evaluated

How many specialists to evaluate
Cultural fit criteria
  • Work as a team with our organisation;
  • be transparent and collaborative when making decisions;
  • take responsibility for their work;
  • share knowledge and experience with other team members;
  • be prepared to draft and embed security policies.
Assessment methods
  • Work history
  • Interview
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. Potential bidders have raised queries over the IR35 status of this role and whether there is an incumbent.
RESPONSE: Both of these issues have been covered within the published opportunity detail.
2. What level of security clearance is required for this role?
SC Security Clearance is required.
3. Location: Can you please clarify where the work will be carried out as there appears to be a conflict?
As stated in the published opportunity, this role does not need to be office-based, although ARP has 3 offices across England. What is required is for the resource to be available between the core hours on days worked for pre-arranged face-to-face meetings held at one of ARP's offices or other government sites or via skype calls.
4. Pay Rate: Is the £700 per day including Agency Fees and VAT?
The maximum of £700 per day is the net amount budgeted, including Agency Fees.
5. IR35 Status: From the Spec it is not clear whether this is inside or outside of IR35.
As this procurement is outcomes-based, it is expected that this is outside of IR35 as the Provider could substitute resources but the Provider would need to assess this for themselves.
6. Can you please advise what IMT stands for?
In the NHS Ambulance Service, IM(&)T stands for Information Management and Technology.
7. Do you require a named consultant for this work?
In order that the Provider can evidence skills and qualifications, one (or alternative) consultant(s) will need to be identified, please.
8. Is a degree essential, or will work-based experience and equivalent qualifications be sufficient?
Equivalent work-based experience and qualifications may be considered.
9. A diploma in security management is listed as a nice to have qualification. We have never seen a Cyber Security Expert requirement citing a non-cyber qualification, and this seems to be skewed to favour the incumbent. We can offer a CCP Lead certification (such as SIRA) which we consider more relevant. Would this kind of alternative be acceptable?
Please evidence the relevant qualifications that you can offer.