Awarded to Meta Mission Data Limited

Start date: Tuesday 19 March 2019
Value: £121,500
Company size: SME
Ministry of Defence Information Systems & Services

Defensive Cyber Operations (DCO) Resilience Analysis

8 Incomplete applications

5 SME, 3 large

12 Completed applications

7 SME, 5 large

Important dates

Published
Tuesday 8 January 2019
Deadline for asking questions
Tuesday 15 January 2019 at 11:59pm GMT
Closing date for applications
Tuesday 22 January 2019 at 11:59pm GMT

Overview

Summary of the work
The task will generate a classified report recommending the scope and scale of data resilience required to support Defence ambitions for DCO. The contractor will be informed through interaction with Defence and Government stakeholders to produce viable recommendations.
Latest start date
Thursday 28 February 2019
Expected contract length
4 months with an option to extend for 1 month
Location
South West England
Organisation the work is for
Ministry of Defence Information Systems & Services
Budget range
£140,000- £170,000 (Inc VAT)

About the work

Why the work is being done
The Cyber Delivery Team are delivering a number of DCO projects as part of a wider MOD Cyber Programme roadmap. The projects will deliver cyber capability across Defence using a variety of Crown facilities for data storage. A planned increase in the number of DCO stakeholders has led to the need for an assessment of existing data resilience capability.

The assessment is required to understand the level of disaster recovery and business continuity required by Defence to support future DCO.
Problem to be solved
Support the MOD Cyber Programme in understanding the levels of disaster recovery and business continuity required to support future DCO capability. The task will require the capture of existing resilience measures, understanding data requirements for the planned capability footprint and opportunities to exploit pan-Government resilience capabilities. The scope will cover security tiers at Official, Secret and Top Secret where DCO data is held.

The task will generate a report, at Secret, that will inform Defence decisions on the scope, scale and priority for DCO disaster recovery and business continuity capability to be delivered by Apr 2021.
Who the users are and what they need to do
Ministry of Defence
Early market engagement
Any work that’s already been done
Existing data resilience capability exists to support ongoing operations. A future roadmap, scheduling and capability blueprint are published and will inform the resilience analysis to be conducted.

Increment 1 of a Cyber Enterprise Architecture (CEA) project is ongoing. The resilience analysis report will inform subsequent increments of CEA.
Existing team
The existing team consists of Enterprise Architecture Leads, Project Managers and Technical Support Staff.
Current phase
Discovery

Work setup

Address where the work will take place
Information Systems and Services, Ministry of Defence Corsham, Wiltshire.
Working arrangements
Expect expertise to work from MOD Corsham with occasional travel to MOD Main Building (London) or other Government departments to understand opportunities. T&S to be included within the budget.
Security clearance
DV Clearance must be in place prior to the contract starting due to the subject matter the team are required to work with.

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • • Proven track record of working with stakeholders to understand data resilience measures to support enterprise capabilities.
  • • Extensive understanding of defensive cyber capabilities and the underlying architectures required to support business outputs.
  • • Extensive understanding of cyber threats particularly in the context of a large government department with users spread both globally and operating at differing security tiers.
  • • Previous experience of working on complex cyber defence projects.
Nice-to-have skills and experience
  • • Familiarity with ARK Datacentres / Crown Hosting facilities.
  • • Experience of working with Defence organisations.
  • • Experience of working in cyber security environments.
  • • Have ability to think creatively and can articulate innovative ideas to solving complex business and ICT problems.

How suppliers will be evaluated

How many suppliers to evaluate
3
Proposal criteria
  • • Documented evidence of Essential Skills. 20%
  • • Documented proposed approach and methodology, including discovery focus, task breakdown and collaboration with existing teams. 20%
  • • An effective resource plan with suitable individuals that details individual responsibilities and time on project. 20%
  • • Supporting CVs- These shouldn't be included in the page/word limit for the main proposal but are limited to a maximum of 500 words and 1 page per person. 10%
  • • Confirmation of existing clearances. 5%
Cultural fit criteria
  • • Evidence of work in mixed teams of Crown Servants and industry partners. 2.5%
  • • Evidence of excellent values, behaviours, interpersonal and influencing skills and a positive approach. 2.5%
Payment approach
Fixed price
Assessment methods
Written proposal
Evaluation weighting

Technical competence

75%

Cultural fit

5%

Price

20%

Questions asked by suppliers

1. You state that there is an existing team that consists
of Enterprise Architecture Leads, Project Managers
and Technical Support Staff. Could you please confirm which company/companies is/are providing
that existing team.
The existing team is predominately Crown Servants supported by a small number of client-side contractors from Atkins.
2. What is the maximum day rate for this role?
As per the task detail, this is an outcomes-based task and therefore does not have a day rate.
3. Does the scope of this Data Resilience task include textual DCO incident information, such as JSP 541-compliant incident reporting and other information?
Yes, DCO data holdings include incident information and subsequent event management, that will include system logs, configuration settings and user details.