Cabinet Office

Enhancement of the Individual Electoral Registration Digital Service (IER DS)

Incomplete applications

14
Incomplete applications
13 SME, 1 large

Completed applications

11
Completed applications
4 SME, 7 large
Important dates
Opportunity attribute name Opportunity attribute value
Published Wednesday 24 April 2019
Deadline for asking questions Wednesday 1 May 2019 at 11:59pm GMT
Closing date for applications Wednesday 8 May 2019 at 11:59pm GMT

Overview

Overview
Opportunity attribute name Opportunity attribute value
Summary of the work Build of a new iteration of the Individual Electoral Registration digital service. This includes a new Serverless based citizen facing front-end, and the migration of existing components to new container based infrastructure on the public cloud.
Latest start date Monday 10 June 2019
Expected contract length Up to 13 months dependent on project scope
Location South East England
Organisation the work is for Cabinet Office
Budget range Up to £1,300,000.00 ex VAT.

About the work

About the work
Opportunity attribute name Opportunity attribute value
Why the work is being done The IER Digital Service (IER DS) allows citizens living in the UK to apply to register to vote online. The service was implemented in 2014 and has four distinct user journeys for different types of citizen applications: the ordinary journey (representing the majority of applicants) and public servants who are likely to be posted overseas.

Each application goes through a verification process to match applicants with data held by the DWP. The applications are returned to the IER DS with a matched or unmatched indicator and retrieved by the Electoral Registration Officers (EROs) to complete the registration process.
Problem to be solved The new iteration of the service is designed to reduce operational overheads, drive efficiencies through the use of the elastic capacity of the public cloud and generally modernise the technology stack.
Who the users are and what they need to do As a citizen
I want to:

apply to register to vote using the online Register to Vote service, so that I can vote in UK/EU elections

As a local electoral officer
I want to:

receive verified applications to register to vote, so that I can ingest verified registrations into my electoral management system

upload paper registration applications received into the Register to Vote service, so they can be verified through the same verification process as the online service

notify, and be notified by, local authorities, when an elector has moved so that our voter records are accurate
Early market engagement
Any work that’s already been done The existing service was implemented in 2014. In total over 38m applications have gone through the IER DS with over 75% of applications being made online.
Existing team It is anticipated that Supplier will supplement the existing internal team which comprises of;
Service Owner (Constitution Group, CO) up to 4 days per week
Business Analyst (Constitution Group, CO) up to 4 days per week
Delivery Manager (Digital & Technology Team, CO) up to 4 days per week
Principal Technical Architect (Digital & Technology Team, CO) up to 3 days per week

The team operates with further delivery, operational, architectural and information assurance support from Government Digital Service.
Current phase Live

Work setup

Work setup
Opportunity attribute name Opportunity attribute value
Address where the work will take place ・Constitution Group, 1 Horse Guards Road, Westminster, London, SW1A 2HQ
・Digital & Technology Team, 50 Victoria Street, Westminster, London, SW1H 0TL
・Government Digital Service, 10 Whitechapel, High Street, London, E1 8QS
Working arrangements A combination of co-location and remote is desirable. We anticipate that workshops, demos and retrospectives will need to be face to face, and often on the Cabinet Office estate in London. Other delivery activity, agile rituals and ancillary meetings may be delivered remotely where appropriate.
Security clearance All individuals, including developers, with access to data, infrastructure, credentials, source code, architectural designs and other sensitive assets as defined by the Buyer must hold, or be prepared to undertake National Security Clearance to Security Check (SC) level or above, and be U.K based.

Additional information

Additional information
Opportunity attribute name Opportunity attribute value
Additional terms and conditions The Supplier must hold Cyber Essentials Plus and ISO27001:2013 prior to commencing the engagement.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Skills and experience
Opportunity attribute name Opportunity attribute value
Essential skills and experience
  • Recent experience designing and developing highly available, robust, resilient and performant public facing digital services that experience unpredictable spikey traffic patterns
  • Recent experience designing and developing highly secure digital services, conformant with all relevant NCSC cloud security principles and the Minimum Cyber Security Standard
  • Recent experience designing and developing services on the Amazon Web Services ecosystem with cloud-native toolsets, such as API Gateway, DynamoDB and Direct Connect (PSN)
  • Recent experience designing and developing compliant HTML, CSS and JavaScript code, using techniques such as responsive design and progressive enhancement
  • Recent experience designing and developing digital services that meet common accessibility compliance requirements e.g. WCAG Level AA and above
  • Recent experience of service and API design and implementation using Play Framework (Scala, Java)
  • Recent experience of designing and implementing services using containerisation and container orchestration (e.g. Docker and Kubernetes) approaches
  • Recent experience of developing systems using non-native tooling and services e.g. Github, ConcourseCi, Flux, Prometheus, Grafana, Splunk
  • Recent experience designing and developing services using AWS Lambda (NodeJS) and serverless management frameworks
Nice-to-have skills and experience
  • Familiarity with the Twelve-Factor-App methodology
  • Familiarity with GaaP services e.g. GOV.UK Notify and GOV.UK Design System.
  • Familiarity with the Government Digital Service Standard (DSS) and the GDS Way

How suppliers will be evaluated

How suppliers will be evaluated
Opportunity attribute name Opportunity attribute value
How many suppliers to evaluate 3
Proposal criteria
  • Design and architecture
  • Functional testing (e.g. BDD, unit testing, pairing, code reviews)
  • Non-functional testing (e.g. load testing incl. serverless, ITHC)
  • Compliance (e.g. DSS, TCoP, MCSS, ISO, WCAG)
  • Delivery, reporting & governance
  • Plan, timeframe, risks & mitigations
  • Team structure, consistency & expertise
Cultural fit criteria
  • Corporate and social responsibility
  • Working effectively within governance frameworks
  • Working as a single collaborative and transparent team
  • Taking responsibility for the deliverables
  • Ability to engage with a broad range of stakeholders and existing suppliers
Payment approach Capped time and materials
Assessment methods
  • Written proposal
  • Case study
  • Work history
  • Reference
  • Presentation
Evaluation weighting

Technical competence

50%

Cultural fit

15%

Price

35%

Questions asked by suppliers

Questions asked by suppliers
Supplier question Buyer answer
1. Have the previous phases for this opportunity been delivered in-house or by an incumbent supplier? Thank you for your question regarding the project.
Previous phases of this initiative (circa 2014-2016) were delivered jointly by an in-house and supplier team.
2. What is the maximum day rate on this? Specific day rates for supplier resources to deliver the solution should be included as part of a proposal submission. Proposals are to be based on the delivery of the project outcomes on a capped time and materials basis, with a maximum budget of up to £1,300,000 ex VAT.
It is the responsibility of the supplier to dictate the resource daily rates they feel would be appropriate to ensure the project outcomes are delivered to time, cost and quality, within the constraints of the budget.
3. Would you consider a collaborative approach from two organisations? From a commercial perspective a collaborative approach would be acceptable. However, suppliers must ensure that a single supplier entity is responsible for the direct engagement with the Cabinet Office and must manage the relationships with their selected partner suppliers accordingly.
4. We are currently ISO27001:2013 and Cyber Essentials compliant. We currently do not have Cyber Essentials Plus but would be able to get this prior to commencement. Is this an acceptable path? The Supplier must hold Cyber Essentials Plus and ISO27001:2013 prior to commencing the engagement. It would be acceptable for a supplier to not have Cyber Essentials Plus at the time of bidding. However, please factor in all effort involved to achieving the certification prior to the latest start date outlined in the requirements.
5. Who is the current supplier please? Information with regard to the current incumbent is commercially sensitive information and therefore we are unable to provide any further clarification on this at this stage
6. Given the specific technical requirements of this project, is there an incumbent supplier associated with this work? Yes, there is an incumbent supplier that was involved in the development of the existing solution.
7. It is our intention to do a joint bid with a partner organisation for IER DS. Once of us have ISO27001 accreditation, the other is in progress and wont be in place before contract award. Does this prelude us from bidding? The Supplier must hold Cyber Essentials Plus and ISO27001:2013 prior to commencing the engagement.
Any supplier collaborations will be treated as a single supplier entity and therefore suppliers must ensure the outlined requirements are in place across the consortium prior to commencing the engagement.
8. If a question has asked for experience using a number of different tools / technologies, is it acceptable to make reference to more than one example? Yes it would be acceptable, however consideration should be given to any word count response limitations.
9. In the AWS experience question you ask for recent experience of Direct Connect (PSN). Would experience of connecting non-AWS cloud environments to the PSN be acceptable. The key criterion is a familiarity with Cloud-to-PSN connections. Although experience of AWS Direct Connect would be an advantage, an absence of this experience would not preclude you from being included in this process.
10. Is the Buyer expecting to provide devices (i.e. laptops with systems access) for the Supplier to use for this engagement, or is the Supplier expected to provide this equipment? The Supplier is expected to provide their own equipment to deliver the solution.
11. How will access be provided to the customer's cloud environments for the purposes of development? How would the release process to production be managed? Access to the cloud accounts will be role-based in conformance with a security policy set out by the Cabinet Office. The supplier will have a high degree of autonomy working within that framework. The release process will be shaped with help from a unit of the Government Digital Service (GDS) as there are likely to be some prescribed testing / monitoring tool sets.
12. Does the existing team have a Product Manager and if so, how much of their time is allocated to working on this service? There is a Delivery Lead who is responsible for running the service full time and the Product Management aspect of the service.
13. Within the existing team, does the Delivery Manager work full time on this service? If not, how much of their time is allocated to this service? The Delivery Manager (Digital & Technology Team, CO) is currently estimated to be working on the project up to 4 days per week.
14. Is the code at https://github.com/alphagov/ier-frontend the current running frontend code? No
15. Is the backend code available in the open? If not, can it be? Not at this time. There maybe future opportunities to open source some aspects.
16. Relating to the requirement for ISO27001 certification: is it acceptable for the scope to be restricted to the service delivery function of our organisation with the associated controls being implemented and identified in the Statement of Applicability? We would expect the whole service delivery to be covered under ISO27001.
17. What are the reasons for tendering this out via DOS? Are you happy with your existing supplier? As part of the Government procurement regulations we are required to periodically re-tender for all Government required services.