Ambulance Radio Programme (ARP) on behalf of Department of Health & Social Care

Cyber Security Expert

Incomplete applications

Incomplete applications
22 SME, 2 large

Completed applications

Completed applications
30 SME, 3 large
Important dates
Opportunity attribute name Opportunity attribute value
Published Friday 4 January 2019
Deadline for asking questions Tuesday 8 January 2019 at 11:59pm GMT
Closing date for applications Friday 11 January 2019 at 11:59pm GMT


Opportunity attribute name Opportunity attribute value
Specialist role Cyber security consultant
Summary of the work The main purpose of this role is to be the security expert for ARP to ensure security controls and protection is in place on the communication infrastructures relating to the Ambulance Service in England and support for the Welsh and Scottish Ambulance Services where appropriate.
Latest start date Monday 4 March 2019
Expected contract length 6 months
Location No specific location, eg they can work remotely
Organisation the work is for Ambulance Radio Programme (ARP) on behalf of Department of Health & Social Care
Maximum day rate £700 per day.

About the work

About the work
Opportunity attribute name Opportunity attribute value
Early market engagement
Who the specialist will work with ARP delivers critical communications to the Ambulance Service. The role requires relationships to be built and maintained with a range of security specialist suppliers, Ambulance Trusts, the Cabinet Office, Government Digital Services, the wider NHS and other emergency services.

Incumbent contract for similar work package since May 2018 is expected to expire at the end of February 2019.
What the specialist will work on 1. Implementation of ISO 27001:2013 across the solution;
2. Planning for Cyber Essentials Plus accreditation and achieving accreditation for use on the ESN infrastructure;
3. Co-ordinate the security efforts of the ARP solution 3rd party suppliers;
4. Test and approve the individual and overall Operational Security Management solutions;
5. Liaise with other Government security authorities to achieve accreditation.

Work setup

Work setup
Opportunity attribute name Opportunity attribute value
Address where the work will take place ARP has offices in central London (Waterloo), Barnsley and Corsham. This role could be based in any of these premises.
Working arrangements Full-time (core hours of Mon-Fri 9am-5pm) on site for face-to-face and skype meetings.
Travel expenses are at NHS Agenda for Change rates: train and accommodation, if required, will be booked and paid for by the ARP PMO.
Security clearance Security Clearance required.

Additional information

Additional information
Opportunity attribute name Opportunity attribute value
Additional terms and conditions Standard DOS2 Call-off Contract.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Skills and experience
Opportunity attribute name Opportunity attribute value
Essential skills and experience
  • have degree education, underpinned by experience in security management;
  • have IMT service management and/or IMT security management;
  • have experience of Government Digital Service/ Public Sector security management;
  • have a current clean driving licence.
Nice-to-have skills and experience
  • evidence Diploma in Security Management;
  • evidence a proven track record in security management within a communications field environment;
  • evidence experience in testing communication technologies in operational environments.

How suppliers will be evaluated

How suppliers will be evaluated
Opportunity attribute name Opportunity attribute value
How many specialists to evaluate 5
Cultural fit criteria
  • Work as a team with our organisation;
  • be transparent and collaborative when making decisions;
  • take responsibility for their work;
  • share knowledge and experience with other team members;
  • be prepared to draft and embed security policies.
Assessment methods
  • Work history
  • Interview
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

Questions asked by suppliers
Supplier question Buyer answer
1. Potential bidders have raised queries over the IR35 status of this role and whether there is an incumbent. RESPONSE: Both of these issues have been covered within the published opportunity detail.
2. What level of security clearance is required for this role? SC Security Clearance is required.
3. Location: Can you please clarify where the work will be carried out as there appears to be a conflict? As stated in the published opportunity, this role does not need to be office-based, although ARP has 3 offices across England. What is required is for the resource to be available between the core hours on days worked for pre-arranged face-to-face meetings held at one of ARP's offices or other government sites or via skype calls.
4. Pay Rate: Is the £700 per day including Agency Fees and VAT? The maximum of £700 per day is the net amount budgeted, including Agency Fees.
5. IR35 Status: From the Spec it is not clear whether this is inside or outside of IR35. As this procurement is outcomes-based, it is expected that this is outside of IR35 as the Provider could substitute resources but the Provider would need to assess this for themselves.
6. Can you please advise what IMT stands for? In the NHS Ambulance Service, IM(&)T stands for Information Management and Technology.
7. Do you require a named consultant for this work? In order that the Provider can evidence skills and qualifications, one (or alternative) consultant(s) will need to be identified, please.
8. Is a degree essential, or will work-based experience and equivalent qualifications be sufficient? Equivalent work-based experience and qualifications may be considered.
9. A diploma in security management is listed as a nice to have qualification. We have never seen a Cyber Security Expert requirement citing a non-cyber qualification, and this seems to be skewed to favour the incumbent. We can offer a CCP Lead certification (such as SIRA) which we consider more relevant. Would this kind of alternative be acceptable? Please evidence the relevant qualifications that you can offer.