CCT 999 - ASSURANCE RESOURCE TO BASE SERVICES (MODNET BASE/IUS/EVOLVE) UK AND OVERSEAS PROGRAMMES

Description

Summary of the work Provide Security Accreditation and Assurance guidance and support to Base, Evolve and IUS Projects and the Services they deliver. Expected Contract Length 4 Months Initial duration (options to extend for a further 2 x 6 Months, subject to budget approval) Latest start date Tuesday 1 June 2021 Budget Range The maximum amount of approved funds is £820,800.00 (Inc. VAT) Breakdown for technical experts: Base - £432,000.00 (Inc. VAT) Evolve - £216,000.00 (Inc. VAT) IUS - £172,800.00 (Inc. VAT) Why the Work is Being Done SME Required for SMITS C4IS/OSM SERVICE MANAGEMENT TOOLING CAPABILITY. ITSM TECHNICAL ARCHITECTURE AND COMMON INTEGRATION LAYER SME Assignment to run from 1st June 2021 until September 2021 (4 x months initial contract) Problem to Be Solved Requirement to provide Security Accreditation & Assurance knowledge and expertise for all MODNET (Base and Evolve) and IUS services Who Are the Users For the tasks required, the 'users' are the Internal Authority Project Teams and our Senior stakeholders. Early Market Engagement N/A Work Already Done Projects have already been started or are in the delivery phase and as such, the tasks are about refinement, further development and operational requirements to finalise the solution Existing Team The Existing Team consists of the following: Base Services – New Style of IT Evolve Integrated User Services Current Phase Live Skills & Experience • Conduct Technical security reviews / approvals of Supplier and MoD Design and Test documentation for compliance with Defence Security policy. 20% • Working experience of JSP 604 Accreditation, a mandatory requirement under Rule 10 of JSP 604 (Network Joining Rules) enabling the NOA to issue the Authority to Operate. 15% • Experience of supporting delivery in a large scale IT Environment (200k+ Users) using M365 10% • Recent working experience and good understanding of the MOD estate (UK and Overseas), in particular Defence Digital and wider business practices in both the Official and Secret environments 10% • Providing recommendations to the team on the direction of key deliverables; security risks, issues identified, including raising, managing of security, risk-balance cases and other security related documentation artefacts. 10% • Coordinating technical security documentation in support of CyDR to achievement of accreditation. 10% • CISM, CISSP, ISO27001 Lead Auditor or ISO27001 Lead Implementor, 5% Nice to Haves • . Experience of Security Policy Framework (Oct 13) 5% • . Experience of “Security Policy Frameworks (Apr 14) mandatory risk management/information security outcomes”. MoD must deliver overarching responsibilities in information security, risk management and apply proportionate/effective protective security. 5% • Identification and management of security related risks to project delivery and Live Service. 5% • Management of security actions that arise out of Project Meetings and Security Working Groups. 5% Work Location Defence Digital, Ministry of Defence Base Services (MODNET) Programme Security & Governance Team Bldg 405 | Floorplate F2 | MoD Corsham | Westwells Road | Corsham | SN13 9RA Working Arrangments Under C-19 restrictions, individuals will be required to work from home 5 days a week (or as agreed with their Line Manager) in order to support Project Teams in all of their Security Accreditation & Assurance activities. Some travel to MoD Corsham may be required which will need 1* approval and be approved by the MOD COVID Travel regulations Security Clearance Minimum SC – with at least 1 x DV cleared member of the Team valid for Contract duration. No. of Suppliers to Evaluate 3 Proposal Criteria • Solution and approach to the task set out above 25% • Suggested plan of action/milestones for delivery 20% • Value added activities which further improve delivery confidence 15% • Risks identified with approach suggested and the solution to manage those risks 10% • Capacity to be flexible with Project requirements 10% • Team roles and structure 5% • Value for money/maximising investment 5% • Approach to managing other suppliers 5% • Ability to quickly draw on/source other skills sets as and when required 5% Cultural Fit Criteria Experience with working with the MOD Payment Approach Fixed price Assessment Method • Work history • Reference Evaluation Weighting Technical competence 60% Cultural fit 5% Price 35% Questions from Suppliers 1. Is there a current incumbent or preferred supplier for this programme of work? We are unable to provide details of any incumbent Supplier information as this is "Commercial In confidence" and as this is a competition we would not show any preference in Suppliers at any point in a competitive procurementAlso Please Note the following:Work being done section should read as follows;Specialist Security advice to meet assurance activities is required in order to ensure Base, Evolve and IUS projects deliver key capabilities on time and fit for purpose. Budget figures should read Base - £432,000.00 (Inc. VAT)Evolve - £216,000.00 (Inc. VAT)IUS - £172,800.00 (Inc. VAT) 2. Can you please confirm who the incumbent is for these services and if this will be Outside of IR35? This Requirement is outside IR35 3. Can the Authority please confirm the size of the current team (if applicable), and the size of the team required under this scope of work? We recommend that you respond to the requirements in the advert and propose a team size which will meet all the requirements and deliverable's covered in the scope of work. 4. Can you indicate/confirm how the budget sums referred to align with the initial contract period of 4 months.. or are intended to cover any of the extension options referred to as well? The values placed within the Advert are split between the three Programmes (i.e. NSoIT £432,000.00 / Evolve £172,800.00 and IUS £216,000.00) for Security Resource over a 4-month period . These costs do not include any follow on Extension options (or their associated costs) 5. As the ‘projects have already been started or are in the delivery phase’ it has to be assumed an incumbent team is in existence & delivering this capability today, is this correct? And if it is, what is the current team size & skill set per individual team member? That is correct, there is already an Incumbent in existence which is delivering capability today. For the second part of the question (Team size & Skill Set) Please recommend your proposed team size and SME skill's in your response for delivering the scope of work and requirements in the advert. 6. The stated approved budget is £820,800.00. Is this for the initial 4-months only or does this include the two 6 month options? The £820,800.00 (Inc VAT) is the Budget for the initial 4-Month Contract only. The 2 x 6-month Extensions have been costed separately and are dependent upon further Cabinet Office Approval 7. As there is an incumbent currently undertaking the security taskings, how far within the project have they progressed and if continuing to work at their present level will they complete the work within project tolerances? The progress made by the current incumbent is not of relevance and will not be of consequence to the new incumbent. That said, the work undertaken across the programmes (i.e. NSoIT and IUS) to date, is meeting the requirements of the Projects that the incumbent supports. 8. Could the Authority please provide the most up to date version of the SPF – the version available online (May 2018) is out of date? We are awaiting a response from the Cabinet Office to confirm that the current SPF online is out of date.