Awarded to SA Group Ltd

Start date: Monday 11 February 2019
Value: £86,000
Company size: SME

Ambulance Radio Programme (ARP) on behalf of Department of Health & Social Care

Cyber Security Expert

24 Incomplete applications

22 SME, 2 large

33 Completed applications

30 SME, 3 large

• Published: Friday 4 January 2019
• Deadline for asking questions: Tuesday 8 January 2019 at 11:59pm GMT
• Closing date for applications: Friday 11 January 2019 at 11:59pm GMT

Overview

• Specialist role: Cyber security consultant
• Summary of the work: The main purpose of this role is to be the security expert for ARP to ensure security controls and protection is in place on the communication infrastructures relating to the Ambulance Service in England and support for the Welsh and Scottish Ambulance Services where appropriate.
• Latest start date: Monday 4 March 2019
• Expected contract length: 6 months
• Location: No specific location, eg they can work remotely
• Organisation the work is for: Ambulance Radio Programme (ARP) on behalf of Department of Health & Social Care
• Maximum day rate: £700 per day.

About the work

• Who the specialist will work with: ARP delivers critical communications to the Ambulance Service. The role requires relationships to be built and maintained with a range of security specialist suppliers, Ambulance Trusts, the Cabinet Office, Government Digital Services, the wider NHS and other emergency services.; ; Incumbent contract for similar work package since May 2018 is expected to expire at the end of February 2019.
• What the specialist will work on: 1. Implementation of ISO 27001:2013 across the solution;; 2. Planning for Cyber Essentials Plus accreditation and achieving accreditation for use on the ESN infrastructure;; 3. Co-ordinate the security efforts of the ARP solution 3rd party suppliers;; 4. Test and approve the individual and overall Operational Security Management solutions;; 5. Liaise with other Government security authorities to achieve accreditation.

Work setup

• Address where the work will take place: ARP has offices in central London (Waterloo), Barnsley and Corsham. This role could be based in any of these premises.
• Working arrangements: Full-time (core hours of Mon-Fri 9am-5pm) on site for face-to-face and skype meetings.; Travel expenses are at NHS Agenda for Change rates: train and accommodation, if required, will be booked and paid for by the ARP PMO.
• Security clearance: Security Clearance required.

Additional information

• Additional terms and conditions: Standard DOS2 Call-off Contract.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

• Essential skills and experience:
  • have degree education, underpinned by experience in security management;
  • have IMT service management and/or IMT security management;
  • have experience of Government Digital Service/ Public Sector security management;
  • have a current clean driving licence.
• Nice-to-have skills and experience:
  • evidence Diploma in Security Management;
  • evidence a proven track record in security management within a communications field environment;
  • evidence experience in testing communication technologies in operational environments.

How suppliers will be evaluated

• How many specialists to evaluate: 5
• Cultural fit criteria:
  • Work as a team with our organisation;
  • be transparent and collaborative when making decisions;
  • take responsibility for their work;
  • share knowledge and experience with other team members;
  • be prepared to draft and embed security policies.
• Assessment methods:
  • Work history
  • Interview
• Evaluation weighting:

  Technical competence

  75%

  Cultural fit

  5%

  Price

  20%

Questions asked by suppliers

• 1. Potential bidders have raised queries over the IR35 status of this role and whether there is an incumbent.: RESPONSE: Both of these issues have been covered within the published opportunity detail.
• 2. What level of security clearance is required for this role?: SC Security Clearance is required.
• 3. Location: Can you please clarify where the work will be carried out as there appears to be a conflict?: As stated in the published opportunity, this role does not need to be office-based, although ARP has 3 offices across England. What is required is for the resource to be available between the core hours on days worked for pre-arranged face-to-face meetings held at one of ARP's offices or other government sites or via skype calls.
• 4. Pay Rate: Is the £700 per day including Agency Fees and VAT?: The maximum of £700 per day is the net amount budgeted, including Agency Fees.
• 5. IR35 Status: From the Spec it is not clear whether this is inside or outside of IR35.: As this procurement is outcomes-based, it is expected that this is outside of IR35 as the Provider could substitute resources but the Provider would need to assess this for themselves.
• 6. Can you please advise what IMT stands for?: In the NHS Ambulance Service, IM(&)T stands for Information Management and Technology.
• 7. Do you require a named consultant for this work?: In order that the Provider can evidence skills and qualifications, one (or alternative) consultant(s) will need to be identified, please.
• 8. Is a degree essential, or will work-based experience and equivalent qualifications be sufficient?: Equivalent work-based experience and qualifications may be considered.
• 9. A diploma in security management is listed as a nice to have qualification. We have never seen a Cyber Security Expert requirement citing a non-cyber qualification, and this seems to be skewed to favour the incumbent. We can offer a CCP Lead certification (such as SIRA) which we consider more relevant. Would this kind of alternative be acceptable?: Please evidence the relevant qualifications that you can offer.