HMPO Data Architecture Services

Description

Summary of the work HMPO requires a supplier to provide architecture and engineering services to create, develop and complete the design for several key data products in HMPO (e.g SOR, Data Sharing), collaborating closely with several product teams. Expected Contract Length 2 Years, with option to extend by up-to 6 months Latest start date Sunday 22 January 2023 Budget Range £6,250,000 Why the Work is Being Done HMPO is continuing to transform its IT services, implementing an agile, product centric, cloud first architecture, and is significantly advanced in the implementation of the Passport transformation and into the initial phases of Civil Registration transformation. A key element of this is the transformation of how our data is stored, appropriately shared, and utilised. Much of this is predicated on a serverless architecture with a high degree of automation, and very high security standards. Problem to Be Solved To iterate the existing designs and create new designs in support of the roadmap for a range of Digital Products focusing on the storage (including System of Record), manipulation and sharing of passport and civil registration data. These are replacing legacy systems along with creating brand new data sharing services. Who Are the Users HMPO is creating several Data Products that share common data and architecture. HMPO has several critical data sets (birth, death and marriage, as well as passport data) which services the needs of government departments, the private sector and public. For example: • registering life events; • verifying passport status; • drivers’ licence information; • bulk data sharing with government departments; and • supporting digital identify verification for access to online government services. HMPO are the core users of the service. A number of systems are utilised by multiple government agencies and departments to query databases through APIs. Work Already Done Internal Home Office capability exists. This service is fulfilled by an incumbent supplier, with the average team size over the past 12 months of approximately 11.75 FTE. Discoveries at a strategic level have been completed for almost all capabilities and some services are in beta and live. Existing Team HMPO's Transformation is being delivered by a mixture of in-house resources and other suppliers, the successful bidder will need to work with level 1 and level 2 support, HMPO delivery teams for Digital Products, Design Authorities, etc. This team will work in the HMPO Technical Design Authority and the client for these services is the HMPO Chief Technology Officer. Current Phase Live Skills & Experience • provide confirmation that it is Cyber Essentials certified. • have demonstrable experience of successfully (phrase applicable to all items below): • designing and implementing sensitive data migration, from Oracle to AWS Public Cloud considering DQ, source and target data models, and parallel running of legacy & target; • understanding user needs, designing data models/digital solutions that collect and manage personal and/or sensitive information with appropriate controls/protection implemented in AWS Public Cloud • understanding user needs, designing data models and digital solutions that collect and manage personal and/or sensitive information with appropriate controls/protection implemented in MS Azure Cloud (including MS Azure Stack) • designing and delivering migration of legacy databases and data structures to structured and unstructured databases; • defining and implementing target and transition architectures for Mission critical legacy transformation projects using Agile and Waterfall delivery methods; • designing and building data migration/transformation using Java, JMS, and Apache Nifi; • in API development (SOAP/REST and GraphQL) using Java, Spring Boot, Docker containerisation and Orchestration using Kubernetes and industry standard best practices to develop and secure APIs in AWS public cloud; • designing and building data storage solutions using AWS Aurora RDS Postgres Cluster, AWS S3; • designing and building CI/CD solutions, AWS multi account infrastructure automation pipelines using AWS Code Commit, AWS Code Pipeline, AWS CodeDeploy, AWS CodeBuild; • designing and building AWS Multi account Infrastructure Pipelines using AWS CDK, Terraform, AWS Secrets Manager; • designing and building serverless API solutions using AWS Technologies (Lambda, Amazon API Gateway, STS, CloudWatch, CloudTrail), Apollo GraphQL, TypeScript, and Java; • applying security by design in AWS Cloud based architectures, designing the security solution using AWS Config, AWS Macie, AWS Guard Duty, AWS Security Hub; • designing and building Business Intelligence solution using Microsoft PowerBI (on premise) and SSIS, SSAS and migration to PaaS and SaaS Azure offerings; and • demonstrable experience of designing and building Event Streaming Solutions using technologies like Apache Kafka. Nice to Haves • have demonstrable experience of working with a wide range of user groups including NCSC and other GCHQ agencies. • provide confirmation that it is Cyber Essentials Plus certified. Work Location London and Glasgow. Remote working is acceptable, the Supplier may work remotely or within a HMPO office hub(s). Working Arrangments Some on-site work may be required but much of the work can be completed remotely. Security Clearance SC clearance will be required for all resources delivering services. DV clearance will be required to access certain projects. Additional T&Cs Note: Home Office DDaT are applying target rates to all procurements. Although these are not mandated, it will be factored into the pricing evaluation at written proposal stage. The target daily rates (excluding VAT) are as follows: • Architecture SFIA 3: £690 • Architecture SFIA 4: £865 • Architecture SFIA 5: £1095 • Data SFIA 3: £635 • Data SFIA 4: £750 • Data SFIA 5: £1035 No. of Suppliers to Evaluate 3 Proposal Criteria • How you would ensure your approach would deliver a solution that meets HMPO’s needs. • Team structure, capability and knowledge of the technologies required to deliver the services. • Your approach to transition & handover. • Your approach to a flexible and response service. • Your experience and ability to innovate in AWS, full serverless architecture, and Microsoft Azure and MS Stack. • Value for money and how it would be maintained or improved. • Collaboration and cultural fit (Social Values) criteria Cultural Fit Criteria Under the Model Award Criteria (MAC) 3.2, the Supplier shall support innovation and disruptive technologies throughout the supply chain to deliver lower cost and/or higher quality goods and services. Payment Approach Capped time and materials Assessment Method Presentation Evaluation Weighting Technical competence 55% Cultural fit 10% Price 35% Questions from Suppliers 1. As previous procurements are a matter of public record, and as per DOS guidance, could you please advise who the incumbent supplier is, and / or provide a link to the original procurement. The existent service was procured under DOS 4 CCS agreement. The link to the previous tender is here: https://www.digitalmarketplace.service.gov.uk/digital-outcomes-and-specialists/opportunities/12647?The contract was awarded to Shivom Consultancy Limited. 2. Can you please provide an anticipated timeline for this procurement that includes dates for: 1) Shortlisting Notification for Stage 2 2) Submission Deadline for Stage 2 3) Presentation 4) Evaluation period 5) Award Notification The anticipated timelines (subject to change) are:1.) 15 November 2022 - Shortlist Notification for Stage 216 November 2022- Publication of the Further Competition Invitation22 November 2022- Clarification period closes (“Tender Clarification Deadline”)2.) 28 November 2022- Deadline for submission of a Tender to the Authority Contract (“Tender Submission Deadline”)3.) 14 December 2022- Bidder Presentations (subject to invitation and change)4.) 16 December 2022- completion of evaluation5.) 12 January 2022- Award notification and start date of 10-day Standstill period22 January 2023- Award/signature process commences22 January 2023- Earliest estimated commencement date for the Contract 3. Can you confirm if shortlisted suppliers will have the opportunity to present? Three (3) short-listed suppliers will, subject to submitting Tenders which are fully compliant and meet the minimum criteria, be required to give presentations to clarify written elements of their bid submission. 4. Has any external supplier been involved in the initial scoping work? If so, who? No external technical supplier has been engaged in the creation of the technical Requirements. 5. Please can you clarify how many people you envisage needing SC and DV clearance? At this time, there are 10 SC cleared and 1 DV cleared supplier personnel delivering services. All supplier personnel will require a minimum of SC cleareance. 6. Would the Authority be able to confirm how many concurrent assignments it expects to be running at any given time for this requirement? Further clarification required on this question. The Authority notes that this Service is to provide Data Architecture support services, and is not an assignment based requirement. 7. Could the Authority please confirm that the questions listed in the ‘Written Proposal’ section of the initial DOS 5 notice are final for the ITT phase? The information in the 'written proposal' is only an indication of the technical areas explored within Further Competition. These are not the ITT questions. 8. Is the Authority able to please confirm its anticipated timeframes between Contract Award and work starting/mobilisation? The Authority anticipates a contract signature on/about 22 January 2023. Mobilisation is expected to occur upon contract signature with service transition to be completed by 20th March 2023. Additioanl information is contained in Stage 2 Further Competition. 9. Please confirm the primary interfaces and any adjacent projects or programmes with which the team will have to collaborate during the course of this Contract? The architect owner will liaise with the TDA and BDA architects, the data and civil registration products family members, the cyber security teams, DSST team etc. The main programmes include TP097 delivery, Passport transformation and civil registration transformation programme, Strategic BI programme, etc. 10. The Authority mentions that both SC and DV Clearances are required. What levels of protective marking are likely to apply to the service? The protective marking will be official/official sensitive 11. Would the Authority please confirm who will be on the Evaluation Panel scoring the question responses? The panel evaluating the stage 1 technical responses will consist of the Service Manager for Data Architecture and the Head of Technical Design Authority. The Stage 2 technical responses will also be evaluated by the Service Manager for Cyber Security Services. 12. Is it possible for the Authority to share more information about the senior business user for the HMPO’s Data Architecture Contract and their objectives for the assignment? "The senior business user is the Head of Technical Design Authority. The objectives are in contained within Stage 2 Further Compettiion requeist. An extract is below.The objective is for the Supplier to provide Data Architecture Services that include:• technical options assessment;• high-level design;• detailed design as needed; • transition architectures;• drafting technical requirements for suppliers;• solution Documentation; • support and troubleshooting transition and go-live; and• support architecture and design assurances and governance" 13. Can the Authority share the other government agencies with whom you share information via API? There are a large number (approx 85) of government agencies and private sector organisations we share the data with. We do not believe it is relevant to provide a list of those governemtn agencies. 14. The Authority mentions that support is provided by L1 and L2 teams. Can the Authority please confirm the service hours for these support arrangements? "It varies from application to application based on the criticality. All the live applications are supported during office hours and out of hours support arrangement in place.Service hours will vary based upon the application being supported. There is no expectation the successful supplier will be on-call after core hours (0800-1800)." 15. What governance and security assurance regime will be applied to new services before they are commissioned into service? New services will have to go through assurance in Technical Design Authority, Design Authority and will have to go through a separate cyber assurance board. Major releases will also be required to go through a change assurance board. 16. Can the Authority please briefly described its design authority process and state typically how long design reviews/approvals take from end-to-end? HMPO Technical Design Authority (TDA) oversee and govern the relevant technical changes and roadmaps through a weekly governance meeting. The Design Authority (DA) meetings occur monthly, or more frequently where an ad hoc meeting is required. The timelines for approvals will depend on the complexity of the work (it could take as short as one week, or as long as several months) and plans put together with the relevant product teams. Approvals may, and typically are, provided in the first submission to TDA or DA. 17. Please could you provide some information about what you would see the make-up of the procured supplier team being? In particular, the types of roles? The Authority has no predetermined make-up of the Service. The skills and experience (with particular reference to the relevant technology) required to deliver these Services is highlighted in the advertisement. Additional information is provided to short-listed Suppliers in Stage 2 (Further Competition) on the team roles delivering the existent service. The size of the existent team (11.75 FTE), over the past 12 months, is highlighted in the advert. 18. Can HMPO share any additional detail on the existing designs mentioned in the Problems to be solved section? Further details on the technological landscape will be provided in Stage 2 (Further Competition). The relevant technical areas are highlighted within the advert (essential Skills and experience). 19. Can the Authority share who is currently running HMPO Level 1 and Level 2 support services, or is this an in-house service? Support is provide in-house by the Home Office (a combination of DDaT and HMPO) support teams. 20. The second Essential Skill requiring a case study states “have demonstrable experience of successfully (phrase applicable to all items below):” – can the Authority confirm what bidders should respond here, since it is just the initial text for the subsequent Essential Skills? Please respond with 'No answer applicable'. A blank response is also acceptable as this question will not be scored. 21. "With reference to the question below:“designing and delivering migration of legacy databases and data structures to structured and unstructured databases” could the authority provide additional context? Unstructured database as in NoSQL database or a file store such as a Hadoop file system?" Currently most of the legacy applications are running on structured relational databases. As part of the transformation, we are designing systems with relational databases. However, data will be stored in structured as well as unstructured formats like JSON. The data will also be stored in Amazon S3 services. At the moment we do not have any Hadoop based implementations. 22. What is the overlap period between start of this contract and the expiry of contract with the current incumbent? The Authority anticipates a three month overlap between the existent contract and the new contract. However, this is subject to an ongoing risk assessment where the period of overlap will be under review. The Authority may, if the risk and mitigation warrant, require a longer period. 23. Please clarify your expectations on onboarding of SC/DV clearable and SC/DV cleared staff, and when they become chargeable to HMPO, please confirm the end-to-end process and associated timelines from submission of request through to log-on credentials/equipment being issued and being billable? Average turnaround times for the clearance process is 37 calendar days for SC , and 125 calendar days for DV. In exceptional circumstances, we may seek a waiver to allow access to certain information in anticipation of clearance. This will be revoked if clearance is not granted. Once confirmation of clearance/waiver has been granted, a start date will be agreed in anticipation of requesting and issuing the log on credentials/equipment and carrying out device security checks. This will take between 2 to 5 working days. Billing will start from the agreed start date on the basis the above being completed. 24. With regards to question 15 “designing and building Business Intelligence solution using Microsoft PowerBI (on-premise) and SSIS, SSAS and migration to PaaS and SaaS Azure offerings”, please can the Authority clarify if they are explicitly asking for experience of only on-premise (not cloud-based) Microsoft PowerBI solutions. We are looking for expertise in the PowerBI solutions in general, but not limited to on-premise. 25. With regards to question 15 “designing and building Business Intelligence solution using Microsoft PowerBI (on premise) and SSIS, SSAS and migration to PaaS and SaaS Azure offerings”, please can the Authority clarify if this question is asking for experience of migrating on-premise Microsoft PowerBI solutions to cloud-based Azure solutions. The current PowerBI solution is on an on-prem cloud stack. The long term strategic solution will be cloud native and should be agnostic of the platforms and hence might require some data migration across platforms. 26. Can the submission deadline be extended? The submission deadline is automatically set by the Digital Marketplace (this portal) and cannot be amended.