National Cyber Strategy Performance Dashboard

Description

Summary of work 1. Background The National Cyber Strategy 2022 (NCS) is our plan to ensure that the UK remains confident, capable and resilient in this fast-moving digital world. The strategy is governed by a continuously evolving Performance Framework that enables reporting on the progress of the strategy to the Deputy National Security Adviser, the Cyber IRIG and the Ministerial Cyber Board. In 2022, we developed an alpha version of the performance dashboard to enable (a) senior decision makers such as Ministers, Deputy National Security Adviser, and Cyber Directors to make more effective policy and delivery decisions; and (b) cyber pillar groups (made up of Cabinet Office; Department for Science, Innovation and Technology; Home Office; Foreign, Commonwealth and Development Office; Ministry of Defence and National Cyber Security Centre) to use the insights at a working level to drive a more strategic discussion on the progress, opportunities and challenges within their pillar. 2. Why do we need a dashboard? A performance dashboard has several benefits, including; - Enable more efficient use of data. The NCS Performance Framework brings together a lot of xWH data on cyber (e.g. we have over 150 quantitative indicators and 120 qualitative progress markers). This much data requires a data driven approach to organise, manage and use data to inform decisions at multiple levels. - An automated approach which requires less paperwork and saves time. We are in the process of moving away from a manual process to a more automated digital process that saves time for NSS cyber and HMG departments. The dashboard will summarise performance returns into a user friendly and succinct digital format that is more easily digestible for decision makers. - Enhances our reputation. We will continue to use the dashboard to facilitate a dialogue with key stakeholders to enhance our reputation. We have received positive feedback on the dashboard from partners. We will also use the dashboard to engage the National Cyber Advisory Board on strategy implementation. 3. Problem we are trying to solve There are a number of problems we are trying to resolve, including: - A more streamlined and automated data collection process that is easy to use for Whitehall departments - Simplified and robust processing of data to visualise performance - Put more emphasis on using data visualisation and trends to inform policy and programme decisions at multiple levels - Having a resilience performance dashboard that can sustain into the next iteration of the National Cyber Strategy - How to integrate programme-level data into the performance dashboard system - How to better integrate our system with other government reporting systems, including reporting of the new Integrated Security Fund and HMG’s Government Reporting and Information System. 4. Technology considerations To ensure our data is secure, the NCS reporting and dashboard system has been developed within the Cabinet Office information technology platform. For data collection, we use google sheets (CO and Department for Science and Technology use google) and MS excel (Home Office, FCDO, MOD and NCSC use Microsoft). We are currently using MS Powerbi as the primary platform to design the dashboard. CO currently does not have an enterprise licence for powerbi but there is a business case to secure a licence (timeframe for approval is uncertain). Looking forward, we are open minded on the reporting and data analytics software(s) that is used to gather and visualise the data. The supplier(s) will be expected to engage with CO digital team(s) to ensure the technology/software used is compliant with CO standards and direction of travel on data analytics platforms. 5. Security considerations Working with the CO Commercial Information Assurance Team, the supplier(s) will need to ensure that reporting/dashboard data is cyber secure. The supplier will be expected to build security principles into the design of the reporting and dashboard process (e.g. where the data is stored, who has access to it, password protection etc.) We currently hold data at various classification levels, including: official, official sensitive, secret and top secret. We work with both open source (official) and closed internal HMG data sets (usually Off Sen or higher). As a minimum, the team of consultants/staff should have SC clearance. The supplier(s) should also ensure they have access to consultants/staff that have Developed Vetting (DV). DV clearance is particularly important for the cyber threat pillar. Where the supplied staff will work London Where the supplied staff will work No specific location (for example they can work remotely) Who the organisation using the products or services is Cyber and technology team in National Security Secretariat, Cabinet Office Why the work is being done The NSS cyber team does not have the skills in-house to develop a data driven reporting process and maintain the dashboard over the longer-term. To date, we have worked with individual contractors to build a data driven reporting template and develop an alpha version of the dashboard. However, the dashboard development process is still very manual/time consuming and we need to further automate the process so we can maintain the dashboard in the long-term. Reliance on individual contractors is not sustainable in the medium-to-long term. We are setting up this project so we can work with a private sector supplier to further develop and automate the reporting process and dashboard products so that we have a sustainable and resilient system/products that can be maintained over the life of the current strategy and continue into next iteration of the strategy. We would like to develop a long-term relationship with the supplier so that we have the required technical backstopping support to update the dashboard for six monthly reporting cycles. The National Cyber Strategy 2022 (NCS) is a long-term strategy with no fixed timeframe. The outcomes within the strategy are due to completed by April 2024 (3 year outcomes linked to current Spending Review timeframe). The performance dashboard visualises data against these outcomes. The strategy will therefore need be refreshed at some point. We currently work on a six-monthly reporting timeframe and the dashboard is produced/updated every six months. The next reporting cyber is October 2023. It is likely that the supplier will provide data analytical support for the October to April reporting cycle with a suite of dashboards (a cross strategy dashboard and a dashboard per pillar; six in total) developed in April/May 2024. The business problem There are a number of problems we are trying to resolve, including: - A more streamlined and automated data collection process that is easy to use for Whitehall departments - Simplified and robust processing of data to visualise performance - Put more emphasis on using data visualisation and trends to inform policy and programme decisions at multiple levels - Having a resilience performance dashboard that can sustain into the next iteration of the National Cyber Strategy - How to integrate programme-level data into the performance dashboard system - How to better integrate our system with other government reporting systems, including reporting of the new Integrated Security Fund and HMG’s Government Reporting and Information System Deliverables We have taken an agile approach to developing and implementing the performance dashboard project. During each phase of development, we have sought user and customer feedback of the system and adjusted our process and products in response to this feedback. The supplier(s) will be expected to adopt an agile and learning approach to delivery. Based on our current understanding of requirements (this may change based on future feedback, learning and constructive challenge, the supplier(s) will be expected to deliver the following: - Deliverable 1 – explore ways to further automate the reporting and dashboard development process, including further development of the reporting template and data analysis process. Front load the automation work to make the dashboard easier to maintain in the long-run. Outcome: a more automated reporting and dashboard process that is more resilient and easier to sustain in the long-term. - Deliverable 2 – develop 6 dashboard products, a cross strategy dashboard and a dashboard per pillar that visualises the Q3/Q4 reporting returns in April 2024 (Q3/4 returns). Outcome: a set of dashboard products that enables us to track progress against the outcomes of the National Cyber Strategy, which enables evidence-based decisions to improve delivery and policy. - Deliverable 3 – develop a tool to process high side STRAP reporting returns and develop a low-tech high side (STRAP) dashboard for the threat pillar that visualises the high side returns. Explore ways to ensure that the STRAP dashboard is interoperable with the low side Official Sensitive dashboards. Outcome: increased capability to process reporting returns on the high side, which enables the UK intelligence community to report against the strategy. This will provide Directors, DGs and Ministers with a full picture of the progress we are making on the NCS. - Deliverable 4 – upskill the pillar groups and NSS cyber team so that they can better use the dashboard and data visualisations to support evidence-based decisions at the pillar level and for Cyber Director meetings. Outcome: NSS cyber and pillar groups have the skills to use the performance dashboard to enable evidence-based decisions at the pillar board meetings and xWH Cyber Director’s meeting. Deliverable 5 –long-term technical backstopping support to update the dashboard every six months. Outcome: a more resilient performance dashboard that is easier to update and maintain in the long-term. The people who will use the product or service User type: Head of Performance - National Cyber Strategy Definition: The Head of Performance sits in the NSS cyber and technology team and is responsible for setting up and implementing the performance system to track the implementation of the strategy. He will work very closely with the supplier on a day-to-day basis and will need to be able to update and utilise the information in the dashboard User type: NCS seniors Definition: This includes the Deputy Director for NSS cyber and technology, Cyber Whitehall Directors, the Deputy National Security Adviser and the Deputy Prime Minister. These are the principle customers of the NCS dashboard. User type: NCS pillars Definition: The NCS has five pillars with a lead department for each. The pillars are responsible for coordinating the data collection process from outcome owners and contributing departments. They will use the dashboard to inform policy and programme decisions at the pillar level. User type: Outcome Owners Definition: The NCS has 54 outcomes. Each outcome has named individual that acts as outcome owner. Outcome owners are responsible for coordinating government activities to achieve the outcome. They coordinate the data collection process at the outcome level. Outcome owners should use the dashboard to inform policy and programming decisions at the working level User type: Wider HMG cyber network Definition: Over 10 HMG departments contribute to the implementation of the NCS. As well as the pillar departmental leads - FCDO, Cabinet Office, DSIT, Home Office - the National Cyber Security Centre and Ministry of Defence are a key contributor to the strategy. The cyber network will provide data for the dashboard and should use the dashboard to inform policy and programming decisions Work done so far The National Security Secretariat (NSS) cyber team has worked with individual contractors to build a data driven reporting template and develop an alpha version of the performance dashboard. The dashboard has received positive feedback from various stakeholders, including NSS pillar groups, Cyber Directors and the National Cyber Advisory Board. The dashboard is part of a wider NCS performance system that includes the following components: - An outcome profile for each NCS outcome that enables departments to clarify governance, sub outcomes, activities, policies and metrics (excel / google sheets). - A performance framework that visualises the logic, metrics and qualitative progress markers to measure each outcome (slide deck). - A new data driven reporting template for pillars and outcome owners to complete every six months (excel / google sheets). - A performance scorecard that uses a mixture of objective evidence and professional judgement to determine a performance score and RAG rating for each outcome (excel). A cross strategy performance dashboard for senior audiences and a dashboard for each pillar (5 pillars in total) to enable evidence-based decisions (powerbi, PDF extract). The supplier(s) will work with us to build and improve upon the processes and products that are already in place. For example, how can we make the data collection process more efficient and easier to use for HMG departments? What technology/software can we use to visualise data in a way that engages stakeholders? How can we evolve our processes to ensure that pillar groups and senior stakeholders use the data visualisations to improve decision making? Which phase the project is in Beta Existing team Head of Performance - National Cyber Strategy (NSS cyber and tech team). Is responsible for designing and implementing a performance framework to track the implementation of the National Cyber Strategy. Main point of contact for the supplier. Deputy Director, NSS Cyber and Technology Team. Leads the NSS cyber and tech team and will provide strategic oversight for the dashboard contract. Address where the work will be done The majority of the work can be done remotely. The supplier team will be provided with Cabinet Office laptops. Occasionally, the supplier may need to meet with the NSS cyber and tech team at 70 Whitehall in London. If a high side dashboard product is developed for the threat pillar (depending on supplier clearance), it will need to be done onsite at 70 Whitehall. Working arrangements When the contract is awarded, we will discuss and agree working arrangements with the supplier. Most of the work will be done remotely with regular face-to-face check-ins (e.g. monthly) at 70 Whitehall, London. Security and vetting requirements Security Check (SC) Security and vetting requirements Developed Vetting (DV) More information about the Security requirements: All supplier team members will require Security Check (SC) clearance as a minimum. At least one person in the supplier team should have Developed Vetting so that they can work with threat pillar stakeholders. Latest start date 21 November 2023 Expected contract length Contract length: 2 years 0 months 0 days Optional extension: 1 years 0 months 0 days Special terms and conditions special term or condition: To ensure the dashboard is cyber secure, all dashboard products and infrastructure must be developed within the Cabinet Office technology environment. The supplier will need to work with the Cabinet Office Digital team to ensure all technology and software used is compatible with Cabinet Office policy and future direction of travel. Budget Indicative maximum: £120000 Indicative minimum: The contract value is not specified by the buyer Further information: The indicative maximum budget does not include VAT. Contracted out service or supply of resource? Supply of resource: the off-payroll rules may apply Terms and acronyms Term or acronym: NCS Definition: National Cyber Strategy Term or acronym: NSS Definition: National Security Secretariat. The National Security Secretariat provides coordination on security and intelligence issues of strategic importance across government. Term or acronym: FCDO Definition: Foreign, Commonwealth and Development Office. FCDO are the pillar lead for the global leadership pillar of the National Cyber Strategy Term or acronym: DSIT Definition: Department for Science, Innovation and Technology. DSIT are the pillar leads for the cyber ecosystem and technology advantage pillars of the National Cyber Strategy Questions and Clarifications 1. Would you seriously consider using Tableau instead of Power BI? We are keeping the door open to different data analytics solutions. Cabinet Office does have a Tableau licence and we have looked into using it. However, there are three main draw backs: (1) other government departments do not use Tableau and many of our users are from other government departments, which limits user interaction; (2) the cost per user for Tableau is more expensive than PowerBi; (3) Cabinet Office is moving towards having all government departments (including Cabinet Office) on a Microsoft platform. Last Updated : <strong>11/09/2023</strong> 2. Referring to Bid Document: Attachment 3 - Responses to Essential and Nice to have skills. Please can you clarify if the 750 Character limit is for each question I.E 750 Characters for Question 1, 750 Characters for Question 2 etc... Or is the Character Limit 750 Characters for all questions (1 - 5) as per the form suggests. It's 750 characters per question/answer. Last Updated : <strong>11/09/2023</strong> 3. We do not currently have SC/DV clearance but would not envisage an issue gaining these for key project staff. However, it appears we need a government sponsor and contract in place to commence this process. Would the lack of existing clearance disqualify us from the tender or are you happy to sponsor the approval if we are successful? We would be happy to sponsor team members for SC and DV clearance. It typically takes around 6 weeks to secure SC clearance. DV clearance takes longer (e.g. 3-9 months) but we can stagger the deliverables if needed (e.g. we only need DV/STRAP clearance for the threat pillar dashboard and that can come later). Last Updated : <strong>11/09/2023</strong> 4. (1) Your documentation specifies that an alpha version of your intended dashboard was developed in 2022. Is there any information on this, or the conclusions of that work, that can be shared here? Were any gotchas identified that can also be shared here? (2) Was the dashboard alpha mostly concerned with establishing information requirements to be surfaced visually? (3) Did any of it test data connections or viability/validity of data sources for information extraction? (4) Is data quality assumed or do you envisage further work of this nature will form part of the current procurement. (5) How 'wedded' are you to the alpha? (1) We have received positive feedback from Director’s and other stakeholders on the alpha dashboard. We produced an earlier version which received mixed feedback, including: the need for RAG ratings (rather than a score) to demonstrate outcome progress; more focus on data visualisations that show real-world impact. In the alpha version, we responded to this by converting the outcome score into a RAG rating and by elevating metrics and producing data visualisations to show trends over time. At the moment the dashboard is a static PDF extract but, in the future, we would like a live dashboard that is more interactive. (2) Yes, the first iteration of the dashboard (as mentioned above) was concerned with this. We received helpful feedback from different stakeholders, including Directors, that helped to establish the kind of information and the format the users wanted. The second iterations responded to these steers but there is plenty of room for innovation/improvement. (3) We have worked with a data scientist to improve the quality of the data, to refine the metrics and to improve the data across the framework. There is still plenty of work to done on this. Some pillars (e.g. ecosystem and technology) are ahead of others in terms of data viability/validity. FCDO have developed an indicator catalogue which will help to improve data validity for the global leadership pillar. (4) Data quality for some metrics is still an issue and is primarily my role (Head of Performance) and the pillar secretariats role to improve data quality. We also do have some access to departmental analysts/economists that are helping to improve data quality. However, the supplier will play an advisory role on data quality and there are opportunities to work together collaboratively to improve data quality. For example, how can we make better use of open source data. (5) We wouldn’t want to start from scratch. We have invested a lot of time and money into the alpha dashboard and have received positive feedback from users. But this contract is an opportunity to take the dashboard to the next level and incrementally improve on the alpha version. Last Updated : <strong>11/09/2023</strong> 5. Are consortia/sub-contract arrangements allowable in this procurement? Yes, consortia's are allowed through DOS. From the DOS guidance page: You can arrange for third parties to do some of the work (‘subcontracting’) or provide the service through a group of suppliers (‘consortia’). A buyer must agree to subcontracting or a consortium arrangement before they buy. See here for more information: https://www.gov.uk/guidance/how-to-apply-to-sell-on-the-digital-outcomes-framework#who-can-apply Last Updated : <strong>12/09/2023</strong> 6. Is there an incumbent supplier that has provided a similar service in the past 6 months? Over the past year we have worked with an individual contractor to develop the Alpha Dashboard. This was initially a contract with an individual but more recently we got access to the same individual through a contract framework held by FCDO. To clarify, the individual now works for Integrity Global (through an FCDO framework) and is technically the incumbent. However, Integrity are not a supplier on the Digital Outcomes 6 framework. Last Updated : <strong>12/09/2023</strong> 7. I would be grateful if you could confirm that the maximum budget for the 24 months for this tasking is £120,000 please. Thank you. Yes, our maximum budget is £120,000 over 24 months (excluding VAT). Last Updated : <strong>12/09/2023</strong> 8. Can you please confirm if the 'answer' box at the bottom of the Essential and Nice to Have skills template is to be used for one combined answer of 750 character count or if a 750 character limit is for each individual question? If the latter is correct then should we create a separate answer box for each question with a 750 character limit? I have checked with CCS and they confirmed it is 750 character limit per individual question. And yes, it is fine to create a separate box for each question/answer. Last Updated : <strong>12/09/2023</strong> 9. Thank you. I therefore assume, unless I hear differently from you, that it is ok to share the tender documentation under those circumstances. Yes fine to share tender documentation. Last Updated : <strong>12/09/2023</strong> 10. 1. It would be beneficial to know who was involved in creating the alpha version? 2. What are the measures of success for this project? 3. Have you been working alongside any third parties to deliver this RFP and are they bidding for it? 4. Aside from those listed in the RFP, how many stakeholders do you have for this project? 5. Are there particular timings driving this that we need to be aware of? 6.Is there any technical documentation, US/AC (user stories/acceptance criteria)? 7. Is hosting required as part of this brief? If so, what cloud/hosting is currently used? 8. What are your ongoing support requirements? 9. What is STRAP under Deliverable 3? 10. Can you give examples of data sources? Also, are these data stored in databases that are on-premises or on a cloud provider like AWS? (1) An individual contractor with data science skills created the alpha dashboard. We also worked with a data science contractor to design the data collection reporting tool that feeds into the dashboard. (2) Measures of success include: (a) feedback from dashboard users on how useful the dashboard is for decision making; (b) number and level of meetings that the dashboard is used to inform better decision-making; (c) feedback from dashboard users on how easy the dashboard is to use; (d) over time, reduction in the number of hours to create/update the dashboard (automation); (e) extent to which the dashboard is compatible with other HMG tools/processes. (3) No, we haven’t worked with a third party to deliver this RFP. (4) Stakeholders mentioned in the RFP are the main stakeholders. These stakeholders can be broken down into more detail, e.g. different units/teams within the Cabinet Office. (5) The supplier will be required to develop the next beta version of the dashboard for the Q3/4 reporting round, due in April/May 2024. (6) No. (7) For security reasons, the dashboard / data will be hosted within Cabinet Office technology infrastructure; (8) The dashboard will be updated every 6 months in line with ongoing 6-monthly reporting rounds for the National Cyber Strategy. Ongoing support requirements will be further defined during the life of the project and will depend on the system/tools that are designed for the beta version. (9) STRAP is a top-secret security clearance. An individual needs to be Developed Vetting cleared in order to get STRAP clearance. Cabinet Office can arrange STRAP clearance. If required, we can sponsor an individual contractor to be DV and then STRAP cleared. (10) Data sources include the Department for Science, Technology and Innovation annual surveys on (a) cyber breaches survey; (b) cyber security sectoral analysis; (b) cyber security in the UK labour market; (c) cyber security longitudinal survey. The data is currently stored in MS excel/google sheets. However CO does have access to AWS. Last Updated : <strong>12/09/2023</strong> 11. For clarity, could you confirm if the responses to each numbered question are limited to 750 words, or whether the entire section (e.g. all questions under "Essential Skills and Experience") is limited to 750 words? It's 750 characters per question/answer (not for the entire section). Last Updated : <strong>12/09/2023</strong> 12. Good morning. Could you please clarify the following. DOS stage 1 supplier responses to buyer questions are supposed to allow for 750 character responses excluding spaces. Your response document asks for 750 character count including spaces. Could you clarify which it is please? Many thanks That must be an error in the response document. 750 character responses excluding spaces is fine. Last Updated : <strong>12/09/2023</strong> 13. We would like to request clarification regarding the "indicative maximum budget" & "Expected contract length" please. 1. This project looks like a complex piece of work and £120,000 seems low for a team to deliver what is being requested, therefore we wanted to just clarify the budget please? 2. The ITT states two time-frames of 1 year and 2 years; is the £120,000 per year or both years The £120,000 is for 24 months (not per year). Last Updated : <strong>12/09/2023</strong> 14. Can you confirm the budget? £120,000 seems a little low The budget is £120,000 (excluding VAT) over 24 months. Last Updated : <strong>12/09/2023</strong> 15. Hi, We are experts in this type of delivery specifically with Power BI although we also have certified experience with Tableau and Qlik. However, our preference is to use another COTS system to blend the incoming data, ready for visualisation since we find DAX to be limited in ETL. Would you consider adding another tool specifically for this purpose? License costs would be annual but well within the budget including the development work required? Yes we would be open to another system to blend incoming data. We would need to check with the Cabinet Office Digital team whether the tool/system can be hosted on Cabinet Office servers. For security reasons, the data tools/dashboard needs to be developed within Cabinet Office technology infrastructure. Last Updated : <strong>12/09/2023</strong> 16. The google and excel sheets are being used as data driven reporting templates for completion every 6 months. What are the typical number of rows and columns (size) of the templates being processed? How much of the current data being entered into the excel sheets and google sheets can be captured directly from the data source and how much needs to be manually entered? We have 5 excel/google sheets files (one per pillar). Across these 5 files, we have 74 tabs (tab per outcome, 54 outcomes in total, 1 summary tab per pillar and an introduction/landing tab for each pillar; 2 reference tabs per pillar). For the outcome return forms, we have 8 columns (some columns are merged, the indicator section has the most columns) and 152 rows. Not all rows are completed with data. At the moment, all the data is being entered manually by pillar secretariats. However, approximately half of our data is from open data sources and could be piped in directly (this may be beyond the scope of the project but we are open to ideas and more efficient ways of working). Last Updated : <strong>12/09/2023</strong> 17. Is there a capability for more frequent updates instead of a 6 monthly push? We used to do quarterly reporting but found this was too much of a burden for reporting departments and there was little time to reflect/analyse the data. We have a combination of annual, quarterly and monthly data sources. Over time, we could look at updating the more monthly/quarterly data sources more regularly. Last Updated : <strong>12/09/2023</strong> 18. Please can we get a example and description of "business performance" and "policy impact"? Examples of business performance include data sources that can help departments deliver their programme activities more efficiently and effectively. Pillar secretariats should use this data to improve their programme delivery. For example, we capture data on risk, lessons learned, key activities delivered. Policy impact is essentially the extent to which the outcomes of the National Cyber Strategy (the ‘policy’) are achieved (or on track to be achieved). For example, we capture qualitative data on achievements, challenges, stories of change and quantitative metric data at the outcome-level. Last Updated : <strong>12/09/2023</strong> 19. Do you have pro license as part of a E3 of E5 subscription with MS? We currently have powerbi desktop. However, Cabinet Office digital team are working on getting a Cabinet Office powerbi enterprise licence, which will include pro. The business case for the enterprise license is advanced but the timeline is uncertain. Last Updated : <strong>12/09/2023</strong> 20. Dear Cabinet Office / CCS Team Please find our clarification questions below: 1) Have you had any meetings or scoping sessions with suppliers or software vendors regarding this piece of work? 2) Is it correct to assume that all licensing costs for PowerBI / Excel / Google sheets or other software as appropriate will be met by the Cabinet Office? 3) Regarding the 750 character limit - is it 750 characters per question OR 750 for the entire "essential" section and 750 for the entire "nice to have" section? (Attachment 3 suggests a single 750 character answer covering all 5 questions) 4) Regarding the current High Side to Low Side data flows - are there currently any tools or software used to support this? (we do not require system names / code names just an appreciation of how this is being done currently) (1) No we have not had any scoping sessions with software vendors. (2) Yes licencing costs will be met by the Cabinet Office. (3) 750 characters per question. (4) the high side system is a stand alone IT system. However, we have imported the low side templates to the high side (the high side templates are stripped of all macros and more basic). At present, I (Head of Performance) am manually processing the high side returns and manually produce a high side powerpoint dashboard (with excel data visualisation) that looks similar to the low-side dashboard. Last Updated : <strong>12/09/2023</strong> 21. Hi, We note the budget is £120,000, but the contract length is stated as 2 years + potential 1 year extension. Could you clarify what the expected length of the main delivery phases is, and whether that budget is required to cover any service provision beyond that and for what period? Expected length of the main delivery phase is 24 months. We will the evaluate whether we want to extend the contract for an additional 12 months. If we do decide to extend the contract, we will need to secure additional budget (up to £60,000 for the extension). Last Updated : <strong>12/09/2023</strong> 22. Good afternoon, Please may we submit the below questions: 1 – What volume of data is being collected? 2 - Where and how is the data being stored? 3 - How unique are the current dashboards which focus on different pillars? are they using the same data? (1) We collect data for: 54 outcomes; 5 high-level summaries, one return per pillar. Most of our outcomes use a combination of quantitative data (indicators, milestones, targets) and qualitative data (change stores, tagged to progress markers). (2) The source data (reporting returns) is stored in google sheets (ecosystem, technology and resilience pillars) and MS excel (global leadership and threat pillars). This is because some departments use Microsoft and others use Google. We have code to process the reporting returns into a single MS excel database, which is then plugged into powerbi. (3) Each pillar dashboard has the same format/layout but the data sources/content is different for each pillar. Last Updated : <strong>12/09/2023</strong> 23. We would be very grateful for additional clarifications as follows: - confirmation that data & data sources will not be moved during the work; - whether any of the source data is in the cloud; - whether any data in scope is still to be extracted from manual processes; - how many reports are in scope that you wish the eventual supplier to build; - an example of ‘programme-level’ data as the CO understands it; - estimated number of users, both during beta and for projected wider user adoption over the longer term; - a representative breakdown of anticipated user roles e.g. super-users, administrators, editors or endpoint consumers. Many thanks. (1) This depends on a number of factors, including: the approach the supplier decides to take; internal Cabinet Office digital policy. At present CO is currently using google so some of our data is stored on google sheets. However, all of HMG departments are migrating to Microsoft, so at some point we may need to store all data in Microsoft. (2) The data is stored in google sheets and MS excel. FCDO and Home Office do store their data in MS office 365. (3) at present all of our data is extracted through manual processes. One of the aims of this project is to make the data processes more automated / efficient but we realise there will be trade off choices to be made in terms of time spent on the back-end of the system vs the front-end. (4) programme-level data includes project activities delivered by departments or partners to deliver specific outputs. For example, the activities delivered/funded by the National Cyber Programme or the Conflict, Security and Stability Fund. (5) I would estimate 150-250 users spread across ten HMG departments/agencies. 6) this can be clarified during the inception phase of the contract. Last Updated : <strong>12/09/2023</strong> 24. The RFI budget is set for £120,000 over 2-3 years. Is this £120,000 per year, or for the full duration? If it is for the full duration, is the term 2 years, or 3 years? Can you provide us with a technical specification of the existing dashboard products? Specifically, what are they built in, programming languages used, connectors, API’s used. Who is currently responsible for the collation of data, to be consumed in the dashboards? How is this data presented to be consumed? Can you provide a brief overview of the existing process? The majority of our skilled professionals reside in Brazil. Will this be an issue if the subject matter is deemed “Top Secret?” The budget is £120,000 over 2 years. The current dashboard was developed in power bi and we use python to process the data and r studio for some of the more complex data visualisations. The pillar secretariats and outcome owners are responsible for collecting the data. The reporting data is presented in google sheets/MS excel and PDF static report (extracted from powerbi). The existing process is as follows: - We use outcome profiles (1 per outcome) to organise the planning for data collection. An outcome profile provides information on governance, departments involved in the outcomes, sub outcomes, activities, indicators to measure the outcome (with milestones and targets) and progress markers. - Every six months, we send a reporting template (1 per pillar) to pillar secretariats. They have one month to collect the reporting data. Pillar secretariats cascade the reporting template to their outcome owners. - When reports come in, we use python code to process all the data into a single MS excel database. We then pull together a quality assurance log that surfaces data quality issues. We work with the pillar secretariats to resolve the data quality issues (this typically takes 1 to 2 weeks). Once data quality is resolved, we then focus on building the dashboard. We develop 6 dashboards in total, one per pillar and a cross strategy dashboard. - For the threat pillar (top secre), I (Head of Performance) replicate this process manually on a stand-alone high side technology platform and develop a dashboard manually in MS powerpoint. - Once the dashboard are developed, we meet with the Deputy Director for the NSS cyber and technology team to discuss the content and layout and make changes based on her feedback. - The pillar dashboards are then used at the pillar board meetings. The cross strategy dashboard is presented to a Cyber Directors meeting where the data is scrutinised by cross Whitehall cyber Directors. It would be advantageous to have one person from the supplier that is Developed Vetted (or is willing to go through DV). We can then put them through additional top secret clearance (STRAP) so we can work with them to develop the dashboard process on the high side. This needs to be done physically. However, if this is not possible, we would be open to incrementally improving our high side processes by uploading templates that can be used by the Head of Performance (this may require the Head of Performance to be up-skilled). So, in summary, we would prefer to work with at least one person face-to-face but there are work arounds. Last Updated : <strong>14/09/2023</strong>