TPR1366 - Unmanaged Data Migration (UDM)

Description

Which phase the project is in Discovery Existing team * Data Protection Officer * Business & Technical Analyst * Information Records Management * Data Governance * Solutions Architect * Infrastructure Team Address where the work will be done Telecoms House, 125 - 135 Preston Rd, Brighton and Hove, Brighton BN1 6AF Working arrangements TPR operates a hybrid working practice. There may be times where it is appropriate to work in the office but on the whole work is done from home. Technological supply can be arranged if need be Provide more information about your security requirements: Baseline Personnel Security Standard (BPSS) Provide more information about your security requirements: Security Check (SC) Latest start date 2023-12-01 Enter the expected contract length: 7 months Extension period: 3 months Special terms and conditions Pensions Act 1. The Pensions Act 2004– Section 82 Restricted information 1.1 The parties acknowledge and agree that restricted information (as defined in clause 1.4) must not be disclosed: a) by The Pensions Regulator (the ‘Authority’) or b) by any person who receives the information directly or indirectly from the Authority. 1.2 Subsection (1) is subject to: a) clause 1.3 and b) sections 71(9), 83 to 88 and 235 of the Pensions Act 2004. 1.3 Subject to section 88(5) of the Pensions Act 2004, restricted information may be disclosed with the consent of the person to whom it relates and (if different) the person from whom the Authority obtained it. 1.4 For the purposes of this clause, ‘restricted information’ means any information obtained by the Authority in the exercise of its functions which relates to the business or other affairs of any person, except for information: a) which at the time of the disclosure is or has already been made available to the public from other sources or b) which is in the form of a summary or collection of information so framed as not to enable information relating to any particular person to be ascertained from it. DocuSign Envelope ID: 93DE5C02-B801-4CF4-8126-A901011A6EE1 13 1.5 The parties acknowledge and agree that any person who discloses information in contravention of this section is guilty of an offence and liable: a) on summary conviction, to a fine not exceeding the statutory maximum, or imprisonment for a term not exceeding 12 months, or both b) on conviction on indictment, to a fine or imprisonment for a term not exceeding (2) years, or both Are you prepared to show your budget details?: Yes Indicative maximum: 300000 Confirm if you require a contracted out service or supply of resource Supply of resource: the off-payroll rules may apply Summary of work TPR is aiming to migrate all files currently being stored on in scope Network Shared Drives (NSD), to SharePoint Online (SPOL). The idea is to take a minimalist approach to the migration, replicating existing folder structures to minimise the impact of change on working process, however where there are more complex processes and organisation structures involved, solutions should be developed that take advantage of the use of metadata and/or workflows in order to ensure that TPR can continue to work efficiently and effectively. It is essential that following migration, service users can continue to successfully search for and locate the documents they need, in a minimal amount of time. Our intention is for a phased migration approach, focusing primarily on higher risk areas with sensitive documents. Once the migration of documents and SharePoint configuration has taken place for each area, working processes will be tested and signed off with the service users. This will enable the Azure services associated with the Network Shared Drives to be decommissioned by TPR. TPR is therefore looking for a supplier to: • Run pre-migration reports and provide discovery support to ensure all files in scope can be successfully migrated. • Provide migration services according to best practice for migrating sensitive and business critical documents, to ensure risks and potential business disruption is kept to a minimum. • Utilising bulk application of additional metadata during migration through PowerShell and/or Sharegate, for the purpose of flattening document structures and/or developing metadata-based document organisation, in line with TPR and SharePoint Online policy, best practises and service user requirements. • Provide discovery, investigation, and implementation support for the handling of complex Excel spreadsheets containing links in formulas, macros and addons, including link correcting following migrations of new destination files. • Application of sensitivity labels to migrated documents and configuring appropriate document retention in line with TPR’s policies. • Reviewing, rebuilding and configuration of access controls, document permissions and set up of role-based security groups where required. • Configuration of SharePoint libraries, including further refinement of meta data and document organisation models. New or existing structure and specific use case requirements for document organisation to be confirmed during discovery. • Design and implement Power Automate workflows in SP where required or appropriate to ensure working processes are effectively transitioned. • Testing working processes with service users, including document search functionality and those related to document organisation and management. Where the supplied staff will work South East England Why the work is being done The current use of Network Shared Drives (NSDs) to store documents has been identified as a key area of risk that needs to be addressed. Specifically: • NSDs lack the basic functionality required to achieve a good standard of Information Management (IM). • NSDs are particularly vulnerable area of the data estate in relation to the risk of cyber-attack. • NSDs are currently used to store some of the most sensitive data TPR holds. Unmanaged data refers to data or documents where TPR’s Information Management (IM) Policies (Access, Retention & Classification) have not been actively applied. The objective of the project is to migrate all documents that are identified as compatible, sensitive and of continued value to the organisation, from the NSDs into SharePoint (SPOL), which is the Information Management system of choice at TPR. The aim is to achieve a measurable contribution towards the mitigation of two of TPR’s corporate risks: Unmanaged Data and Cyber Attack. The primary TPR Strategic Objective that the project maps to is Security. The business problem you need to solve TPR is aiming to migrate all files currently being stored on in scope Network Shared Drives (NSD), to SharePoint Online (SPOL). The idea is to take a minimalist approach to the migration, replicating existing folder structures to minimise the impact of change on working process, however where there are more complex processes and organisation structures involved, solutions should be developed that take advantage of the use of metadata and/or workflows to ensure that TPR can continue to work efficiently and effectively. It’s essential that following migration, service users can continue to successfully search for, locate access, organise and update the documents they need, in a minimal amount of time. Our intention is for a phased migration approach, focusing primarily on higher risk areas with sensitive documents. Once the migration of documents and SharePoint configuration has taken place for each area, working processes will be tested and signed off with the service users. This will enable the Azure services associated with the Network Shared Drives to be decommissioned by TPR. TPR is therefore looking for a supplier to: • Run pre-migration reports and provide discovery support to ensure all files in scope can be successfully migrated. • Provide migration services according to best practice for migrating sensitive and business critical documents, to ensure risks and potential business disruption is kept to a minimum. • Utilising bulk application of additional metadata during migration through PowerShell and/or Sharegate, for the purpose of flattening document structures and/or developing metadata-based document organisation, in line with TPR and SharePoint Online policy, best practises and service user requirements. • Provide discovery, investigation, and implementation support for the handling of complex Excel spreadsheets containing links in formulas, macros and addons, including link correcting following migrations of new destination files. • Application of sensitivity labels to migrated documents and configuring appropriate document retention in line with TPR’s policies. • Reviewing, rebuilding and configuration of access controls, document permissions and set up of role-based security groups where required. • Configuration of SharePoint libraries, including further refinement of meta data and document organisation models. New or existing structure and specific use case requirements for document organisation to be confirmed during discovery. • Design and implement Power Automate workflows in SP where required or appropriate to ensure working processes are effectively transitioned. • Testing working processes with service users, including document search functionality and those related to document organisation and management. • Discovery, design, and delivery of technical solution for complex FLR use case. First user type: HR/Payroll First user type: FLR & Enforcement First user type: Determinations Panel Enter more details about this user type: * PROCESS – Employee records are stored and organised on the Network Shared Drives, where they are accessed and updated daily in response to HR queries. * REQUIREMENT – Usability and security. Fast access to well organised information and accurate and efficient searches * SHAREPOINT CONFIGURATION – Setup and utilisation of a metadata-based organisation model Enter more details about this user type: * PROCESS – Case files are organised and bundled in a single case folder for distribution to multiple audiences with differing format and content requirements. * REQUIREMENT – Ability to organise, bundle and mange a very large quantity of case files efficiently and effectively. * SHAREPOINT CONFIGURATION – Enabling a metadata-based organisation model and use of workflows Enter more details about this user type: * PROCESS – Case bundles are managed by the support team, shared with the Determinations Panel who add notes, Bundles distributed to various legal audiences. * REQUIREMENT – Specialised access control, enabling different versions of documents to be visible or restricted to certain audiences. * SHAREPOINT CONFIGURATION – Copy of case files to be created when transferring from FLR. Using workflows to automate access control changes through processes.