Ministry of Defence Information Systems & Services

Defensive Cyber Operations (DCO) Resilience Analysis

Incomplete applications

8
Incomplete applications
5 SME, 3 large

Completed applications

12
Completed applications
7 SME, 5 large
Important dates
Opportunity attribute name Opportunity attribute value
Published Tuesday 8 January 2019
Deadline for asking questions Tuesday 15 January 2019 at 11:59pm GMT
Closing date for applications Tuesday 22 January 2019 at 11:59pm GMT

Overview

Overview
Opportunity attribute name Opportunity attribute value
Summary of the work The task will generate a classified report recommending the scope and scale of data resilience required to support Defence ambitions for DCO. The contractor will be informed through interaction with Defence and Government stakeholders to produce viable recommendations.
Latest start date Thursday 28 February 2019
Expected contract length 4 months with an option to extend for 1 month
Location South West England
Organisation the work is for Ministry of Defence Information Systems & Services
Budget range £140,000- £170,000 (Inc VAT)

About the work

About the work
Opportunity attribute name Opportunity attribute value
Why the work is being done The Cyber Delivery Team are delivering a number of DCO projects as part of a wider MOD Cyber Programme roadmap. The projects will deliver cyber capability across Defence using a variety of Crown facilities for data storage. A planned increase in the number of DCO stakeholders has led to the need for an assessment of existing data resilience capability.

The assessment is required to understand the level of disaster recovery and business continuity required by Defence to support future DCO.
Problem to be solved Support the MOD Cyber Programme in understanding the levels of disaster recovery and business continuity required to support future DCO capability. The task will require the capture of existing resilience measures, understanding data requirements for the planned capability footprint and opportunities to exploit pan-Government resilience capabilities. The scope will cover security tiers at Official, Secret and Top Secret where DCO data is held.

The task will generate a report, at Secret, that will inform Defence decisions on the scope, scale and priority for DCO disaster recovery and business continuity capability to be delivered by Apr 2021.
Who the users are and what they need to do Ministry of Defence
Early market engagement
Any work that’s already been done Existing data resilience capability exists to support ongoing operations. A future roadmap, scheduling and capability blueprint are published and will inform the resilience analysis to be conducted.

Increment 1 of a Cyber Enterprise Architecture (CEA) project is ongoing. The resilience analysis report will inform subsequent increments of CEA.
Existing team The existing team consists of Enterprise Architecture Leads, Project Managers and Technical Support Staff.
Current phase Discovery

Work setup

Work setup
Opportunity attribute name Opportunity attribute value
Address where the work will take place Information Systems and Services, Ministry of Defence Corsham, Wiltshire.
Working arrangements Expect expertise to work from MOD Corsham with occasional travel to MOD Main Building (London) or other Government departments to understand opportunities. T&S to be included within the budget.
Security clearance DV Clearance must be in place prior to the contract starting due to the subject matter the team are required to work with.

Additional information

Additional information
Opportunity attribute name Opportunity attribute value
Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Skills and experience
Opportunity attribute name Opportunity attribute value
Essential skills and experience
  • • Proven track record of working with stakeholders to understand data resilience measures to support enterprise capabilities.
  • • Extensive understanding of defensive cyber capabilities and the underlying architectures required to support business outputs.
  • • Extensive understanding of cyber threats particularly in the context of a large government department with users spread both globally and operating at differing security tiers.
  • • Previous experience of working on complex cyber defence projects.
Nice-to-have skills and experience
  • • Familiarity with ARK Datacentres / Crown Hosting facilities.
  • • Experience of working with Defence organisations.
  • • Experience of working in cyber security environments.
  • • Have ability to think creatively and can articulate innovative ideas to solving complex business and ICT problems.

How suppliers will be evaluated

How suppliers will be evaluated
Opportunity attribute name Opportunity attribute value
How many suppliers to evaluate 3
Proposal criteria
  • • Documented evidence of Essential Skills. 20%
  • • Documented proposed approach and methodology, including discovery focus, task breakdown and collaboration with existing teams. 20%
  • • An effective resource plan with suitable individuals that details individual responsibilities and time on project. 20%
  • • Supporting CVs- These shouldn't be included in the page/word limit for the main proposal but are limited to a maximum of 500 words and 1 page per person. 10%
  • • Confirmation of existing clearances. 5%
Cultural fit criteria
  • • Evidence of work in mixed teams of Crown Servants and industry partners. 2.5%
  • • Evidence of excellent values, behaviours, interpersonal and influencing skills and a positive approach. 2.5%
Payment approach Fixed price
Assessment methods Written proposal
Evaluation weighting

Technical competence

75%

Cultural fit

5%

Price

20%

Questions asked by suppliers

Questions asked by suppliers
Supplier question Buyer answer
1. You state that there is an existing team that consists
of Enterprise Architecture Leads, Project Managers
and Technical Support Staff. Could you please confirm which company/companies is/are providing
that existing team.
The existing team is predominately Crown Servants supported by a small number of client-side contractors from Atkins.
2. What is the maximum day rate for this role? As per the task detail, this is an outcomes-based task and therefore does not have a day rate.
3. Does the scope of this Data Resilience task include textual DCO incident information, such as JSP 541-compliant incident reporting and other information? Yes, DCO data holdings include incident information and subsequent event management, that will include system logs, configuration settings and user details.