Provision of Infrastructure Systems Assessments and Targeting (ISAT)

Description

Summary of work Phase one of the programme is the development of an infrastructure systems modelling tool allowing the visualisation of the infrastructure within an AO, map the complex infrastructure inter-dependencies and allow the interrogation of the model to provide decision support to Comds at all levels.  The Authority reserves the right to place Follow On work with the Supplier as specified within the Statement of Requirements for Phase 2 & 3 depending on the technical results of Phase 1.  If at the end of Phase 1 follow on work is not desirable, the Authority may wish to Terminate the Contract in accordance with the Digital Outcomes & Specialist Terms & Conditions.  If, however, Phase 2 is desirable, the feasibility of any additional work is subject to the Authority’s internal funding approval. Phase 2 & Phase 3 work Authorisation must be exercised in writing by a Commercial Officer.  Any follow-on work carried out without the Authority’s written authorisation will be at the Supplier’s risk and the Authority will not be obliged to pay for the work. Where the supplied staff will work South East England Who the organisation using the products or services is Army HQ Why the work is being done Through Infrastructure Systems Assessment & Targeting (ISAT), Defence will be able to intelligently and precisely target infrastructure, enabling disproportionate operational effects providing commanders a significant advantage and denying these benefits to adversary forces. The ISAT Programme will also tackle pan-Defence challenges such as the curation, assurance and storage of sovereign data, the integration of multi-domain systems and enhancing decision support and situational awareness. The business problem The integration of ISAT as a Military Engineering process using a secure and resilient digital tool to enable precise analysis and targeting of infrastructure systems; in order to provide land forces with operational advantage whilst denying such benefits to adversary forces. The people who will use the product or service User type: Military Engineer Definition: As a Military Engineer I need to understand infrastructure systems to enable offensive and defensive action for Operational advantage. Any pre-market engagement done N/A Work done so far DDAP/Spindle. The ISAT Spindle sprint served as a capability concept demonstrator (CCD) for the ISAT framework to inform the system requirements of the ISAT framework described in this SOR. User feedback of the CCD will be shared with the Contractor. Doctrine. ISAT doctrine has been developed which defines the ISAT process and the theory which underpins the analysis. The doctrine must be the foundation for any code that automates or digitalises any part of the ISAT process. Which phase the project is in Alpha Existing team Programme Director Programme Manager Programme Team Technical lead Doctrinal development works package delivered. Some dependency between projects exists. Address where the work will be done 12 Engineer Group HQ, RAF Wittering, Peterborough, PE8 6HB. The place of delivery for the contract shall be at such location(s) as agreed between the outcomes supplier and the Authority and will be dependant on the outcomes required at that time. Working arrangements The contract is to be delivered in a collaborative manner to ensure the Clients requirements are understood and met. The Client will seek to have service personnel attend sprints for mutual benefits of both parties. The supplier is to provide fortnightly updates to the Programme Manager (remotely), a monthly progress meeting (can be attended remotely) and a quarterly progress meeting attended face to face. Security and vetting requirements Security Check (SC) More information about the Security requirements: Security Clearance (SC) will be required for the duration of the role. Incumbents are to follow both the letter and spirit of Army Headquarters security regulations. Latest start date 10 October 2024 Expected contract length Contract length: 2 years 0 months 0 days Optional extension: 0 years 6 months 0 days Special terms and conditions special term or condition: The Authority has assessed this requirement outside the scope of IR35. This assessment has been conducted in accordance with the MoD Intermediaries Legislation IR35 Guidance and is deemed as an output/outcome based contract. Whereby the supplier is responsible for managing their resources to deliver the required outputs, and they have responsibility and liability for the all the work and its delivery. Budget Indicative maximum: The contract value is not specified by the buyer Indicative minimum: The contract value is not specified by the buyer Contracted out service or supply of resource? Contracted out service: the off-payroll rules do not apply Questions and Clarifications 1. Will the CCD (Concept Demonstrator) code be made available to the supplier. No Last Updated : <strong>27/08/2024</strong> 2. Can you please confirm the budget for this opportunity? In order to ensure the Authority obtains Value for Money, the Authority wishes not to divulge the approved funding value. Bids are to be priced in accordance with the Statement of Requirement on the Annex that will be provided at Tender Stage and if suppliers pass the Expressions of Interest Evaluation Stage. Last Updated : <strong>19/08/2024</strong> 3. Please can the authority confirm if the SoR requested by email should contain any information beyond the dates for the competition? The SOR provides outline dates for phases 1, 2 and 3. A detailed breakdown of requirements and expected completion dates for phase 1 are under the Payments section. Last Updated : <strong>27/08/2024</strong> 4. Attachment 3 to the bid pack under "essential skills and experience" has two questions, but only one supplier response box. Can the Authority confirm that it requires a combined response (of max 750 characters including spaces) encompassing both questions? It appears there is a glitch in the system that I am unable to resolve. Therefore the Authority requests suppliers to complete the "ISAT_Expressions_of_Interest_Question_Set" that will be sent to all suppliers that have requested a copy of the Statement of Requirement. To note, this document must be completed and received by 16:00 on 30 August 2024. Emails received after this time will not be included within the evaluation. Last Updated : <strong>27/08/2024</strong> 5. Is the tool a standalone application or will it be integrated into a wider system of tools? i.e. is the ISAT being delivered as an API and the API will be used by already developed tools? The tool should be developed as a standalone environment but with a RESTful API for it to be integrated with wider systems when required. Last Updated : <strong>27/08/2024</strong> 6. On what operating system will the tool be deployed? Will it be cloud based or on local architecture? The application should be hosted on a Linux based cloud architecture. Last Updated : <strong>27/08/2024</strong> 7. What response is needed to be delivered by 30/08/24? The EoI submission is required in full for review by the Authority. Last Updated : <strong>27/08/2024</strong> 8. Confirmation of due date for Phase 1. As the SOR is dated from May and the due date is stated for Dec 24 for phase 1, is that still correct noting the recent release date of the SOR. The SOR provides outline dates for phases 1, 2 and 3. A detailed breakdown of requirements and expected completion dates for phase 1 are under the Payments section. Last Updated : <strong>27/08/2024</strong> 9. Would it be possible to request a minimum of one week extension to this timeline from 19 to 26 Sep and an opportunity to ask clarification questions during this period The Authority will not be extending the timeline for contractural submissions. These dates have been set to maximise the time the successful tenderer has to develop the product. Last Updated : <strong>27/08/2024</strong> 10. Do you have a ROM cost? In order to ensure the Authority obtains Value for Money, the Authority wishes not to divulge the approved funding value. Bids are to be priced in accordance with the Statement of Requirement on the Annex that will be provided at Tender Stage and if suppliers pass the Expressions of Interest Evaluation Stage. Last Updated : <strong>27/08/2024</strong> 11. Could the authority confirm if the word count of 750 characters including spaces for each question is correct? This is correct. Last Updated : <strong>27/08/2024</strong> 12. Can the authority provide the ISAT Doctrine as mentioned at para 4b, page 1 of the ISAT Digitalisation phase 1 document? The ISAT doctrine can be made available during the ITT process. Last Updated : <strong>27/08/2024</strong> 13. Can the authority clarify who is the current contract incumbent? This is a new requirement and therefore no contract incumbent exists. Any demonstration work has been completed on a separate call off contract. Last Updated : <strong>27/08/2024</strong> 14. Could the authority clarify what is meant by the ISAT framework listed at Para 15 of page 11 of the ISAT Digitalisation phase 1 document? The ISAT Framework is the termed used to describe the overall output of this SOR. Last Updated : <strong>27/08/2024</strong> 15. The word count for stage 2 states 750 characters per question, Is this correct? The questions posed require detailed answers of which 750 characters doesn’t seem sufficient. It appears there is a glitch in the system that I am unable to resolve. Therefore the Authority requests suppliers to complete the "ISAT_Expressions_of_Interest_Question_Set" that will be sent to all suppliers that have requested a copy of the Statement of Requirement. To note, this document must be completed and received by 16:00 on 30 August 2024. Emails received after this time will not be included within the evaluation. Last Updated : <strong>27/08/2024</strong> 16. The named location suggests RAF Wittering. Is a permanent presence required or can work be undertaken remotely The work will be conducted remotely or on the Suppliers premises. The Authority will not be providing a working area, outside of scheduled meetings for the supplier. Security consideration should be given to the sensitivity of the project and cross contamination. Development should be done on devices separate from personal devices, or devices used to develop any other projects and any collaboration of code should be done in a secure manner. Last Updated : <strong>27/08/2024</strong> 17. Is the software a bespoke package or will it need to be created? This requirement is for a bespoke package created by the Supplier. Last Updated : <strong>27/08/2024</strong> 18. Will the ISAT Doctrine be available as part of the bid preparation? The ISAT doctrine can be made available during the ITT process. Last Updated : <strong>27/08/2024</strong> 19. Who will be responsible for providing hosting on a local hardware platform conforming to SECRET accreditation? This is a system requirement detailed within the system requirements section and is the responsibility of the Supplier. Last Updated : <strong>27/08/2024</strong> 20. Are the systems requirements, doctrine and user feedback for the ISAT framework mentioned in Attachment 1 (Any work that has already been done) available? The CCD may be available for a live demo only, to give a visualisation of possible output. System requirements, doctrine and user feedback is not available for this stage of the process. Last Updated : <strong>27/08/2024</strong> 21. In the ITT docs supplied is a document marked 20240814-Request_For_SOR.docx. Inside is the following statement: “If you wish to have access to the Statement of Requirement, please email … directly”. Has this statement of requirements already been supplied or is there further information beyond the three attachments? If so can this be supplied. The Statement of Requirement can be requested by submitting an email to toni.prince177@mod.gov.uk Last Updated : <strong>27/08/2024</strong> 22. Is there a CONEMP for the ISAT capability which can be made available as part of the ISAT Digitalisation phase 1 document? A CONEMP has not yet been finalised. Last Updated : <strong>27/08/2024</strong> 23. Are you able to share details on: 1. User Feedback on the CCD along with any details from the CCD that can be released? 2. Can you share details on the ISAT Doctrine? 1. The CCD may be available for a live demo only, to give a visulisation of possible output. System requirements, doctrine and user feedback is not available for this stage of the process. 2. The ISAT doctrine can be made available during the ITT process. Last Updated : <strong>27/08/2024</strong> 24. Can you confirm the essential criteria are in the SOR are correct for the ISAT requirement. Limiting down selection to designing and implementing APIs feels very narrow based on the SOR received by email. Similarly the 'nice to have' question requests details responses including case studies, within a very small character count (750 characters). The criteria detailed is correct for the ISAT SOR. The character count is correct. Last Updated : <strong>27/08/2024</strong> 25. Are the languages and technologies that the tool will be built in already defined? No, we expect the supplier to bring their analysis, experience and creativity to the project to help us identify mature options. However, the authority has set certain constraints which will affect the choices available, namely that the open source components have a low software bill of materials, are memory safe, and capable of being deployed on reasonably low power compute. Whilst we primarily target linux, the authority welcomes technology choices that enable cross platform deployment. Last Updated : <strong>27/08/2024</strong> 26. Is all work to be done on site or can work be done remotely with regular visits on site? The work will be conducted remotely or on the Suppliers premises. The Authority will not be providing a working area, outside of scheduled meetings for the supplier. Security consideration should be given to the sensitivity of the project and cross contamination. Development should be done on devices separate from personal devices, or devices used to develop any other projects and any collaboration of code should be done in a secure manner. Last Updated : <strong>27/08/2024</strong> 27. Does Phase 1 cover Alpha and Beta phases and Phase 2 would be Live Service? Phase 1, 2 and 3 of the SOR cover only Alpha Phase. Last Updated : <strong>27/08/2024</strong> 28. Will the CCD (Concept Demonstrator) code be made available to the supplier. CCD code will not be available due to it being created on a proprietary system. A live demo may be available to provide a visual of a likely end product. Last Updated : <strong>27/08/2024</strong> 29. Can the authority confirm the contract duration: a. Phase 1 – 6 months? b. Phase 2 – 2 years? The SOR provides outline dates for phases 1, 2 and 3. A detailed breakdown of requirements and expected completion dates for phase 1 are under the Payments section. This contract is for the delivery of Phase 1 by Mar 25. The Authority has the option to extend beyond this for Phase 2 subject to outputs being met and financial approval being obtained for subsequent phases. Last Updated : <strong>27/08/2024</strong> 30. Can the authority articulate the connectivity requirements to the home base and @ what classification? Will this project, within the lifecycle of the contract, be expected to connect to a wider ecosystem or be wholly stand alone? The softwares to be delivered have not been strictly defined, see clarification 4. It is expected that the softwares will work at operational and tactical levels at S due the nature of the analysis and output it will provide where the softwares are processing over operational data. However systems will be made available to the supplier for the software to operate at unclassified at dummy/open source data. The software is not expected to work on extant S classification systems. Every software is expected to have an API, so the burden of integration is on the maintainers/developers of extant S classification systems to extricate the data. This decouples the successful applicant from the integration burden, therefore we expect the software to be neither strictly connected nor standalone - i.e. loosely coupled software each with its respective expressive APIs Last Updated : <strong>27/08/2024</strong> 31. Is the tool a standalone application or will it be integrated into a wider system of tools? i.e. is the ISAT being delivered as an API and the API will be used by already developed tools? The tool should be developed as a standalone environment but with a RESTful API for it to be intergrted with wider systems when required. The authority sees the tool as a set of loosely coupled standalone software packages which all allow for interoperability by APIs. As a rule of thumb, all functions and all data forming the set should be exposed via each softwares API. The authority has conducted internal breakdowns of the requirement sets into a set of proposed software's, these will be given to the winning supplier to help clarify the ask and the intent. It is expected that the supplier will likely wish to revisit this break down according to their experience and creativity. Last Updated : <strong>27/08/2024</strong> 32. Does the authority have a High Level Design document available which visualises the proposed laydown? a. How will the 10 laptops be employed: i. As a Local Area Network? ii. In an individual standalone configuration? iii. In a hybrid configuration? b. Will the devices work within a HQ environment or in a more austere environment? See clarification 29 in the absence of a high level design document. The laptops detailed in the SOR represent minimum satisfyability criteria, it is expected that the arbitrary networking of the latpops and the authority provided cloud clusters is enabled by the supplier working with the authority developers. Consider the following as an example arbitrary laydown that could be enabled: 4 x Laptops and a cluster computer will form a networked backbone in a HQ type environment. holding distributed data and enabling the provisioning/consumption of this data with the satelite nodes. 6 x Laptops will be satellite nodes - these will be effectively (fatter) thin clients. On these computers a subset of the software should be able to work independently of the above cluster when disconnected and in sympathy with the cluster when connected. Last Updated : <strong>27/08/2024</strong> 33. Can the authority further describe the nature and requirement for S storage of processed information and its intended onward usage? (Requirement C-005, page 7 of ISAT Digitalisation phase 1 document) Any data created by or ingested by any of the set of software produced by the supplier should be made available via API. See clarification 4 and 19. It is by these means that storage and onward usage will be enabled at S. Last Updated : <strong>27/08/2024</strong> 34. Could the authority provide further detail of the exclusion of 3rd party translation software. Does this exclusion extend to MODCloud accredited offerings such as: a. MODCloud Consumable Cloud Services - MODCloud Customer Information Hub - Confluence b. AWS translate is listed as having been subject to a Service Security Assessment (SSA) by defence digital and being an accredited solution for translation of OS content with an MoD context. The authority considers these services non-applicable as we anticipate operational scenarios where the software will not be connected to the cloud. Last Updated : <strong>27/08/2024</strong> 35. Further to the IES 4d standard, does the authority have a current data model prescribed for the phase 1 activity? Are there any other open data standards employed to date? No, the supplier is expected to apply creativity and originality with regards data modelling and ontology. Last Updated : <strong>27/08/2024</strong> 36. What are the authority’s data sovereignty requirements for the project? Absolute sovreignity. 1. All software produced during this contract 2. All software components where they may be prior IP of the supplier, the absence of which would make the software produced inoperable except where permissively licenced/open source. 3. All data ingested by any software provided or created by any software provided and all functionality expressed by those softwares must be available over respective APIs for each software (see for example HATEOAS) Last Updated : <strong>27/08/2024</strong> 37. Could the authority clarify what is considered foreground IP and background IP for the contract? DEFCON 703 applies to this requirement. This means that all IPR generated under the potential contract belongs to buyer. The supplier has no rights to use or profit from the IPR without the buyer’s permission. Last Updated : <strong>27/08/2024</strong> 38. Could the authority clarify what they mean by “zeroise” the capability listed in para 20 page 11 of the ISAT Digitalisation phase 1 document? From what classification level does the capability need to be zeroised from? The Supplier must be able to demonstrate to the Authority that all data provided by the Authority as GFX and/or related to ISAT has been deleted (zeroised) from their system. Last Updated : <strong>27/08/2024</strong> 39. Is the software a bespoke package or will it need to be created? This requirement is for a bespoke package created by the Supplier. Last Updated : <strong>27/08/2024</strong> 40. Essential Questions 1 and 2 seem to have some overlap. Could you clarify the difference between them? Is it correct to say that #1 refers to the experience in designing a robust API based solution, and #2 refers to experience in building and deploying a robust API solution? Correct Last Updated : <strong>27/08/2024</strong> 41. Will the information on the ISAT Spindle sprint CCD be available as part of bid preparation? Will the tool be a new build rather than an extension of the Spindle CCD. The CCD may be available for a live demo only, to give a visulisation of possible output. The ISAT Framework will be a new build. Last Updated : <strong>27/08/2024</strong> 42. Who will be responsible for achieving accreditation for the demonstrator to SECRET by January 25? The authority will be using JSP processes, these will not be the concern of the supplier. Last Updated : <strong>27/08/2024</strong> 43. How do you foresee the local infrastructure having access to the Internet and holding Secret data for phase 1? 6. What is the expected Technology Readiness Level (TRL) at the end of January. See clarification 4 & 6. Expanding on these: some systems which collect data will necessarily be connected to the global internet and will not expected to operate at S. The data taken from software on these systems via their APIs will be aggregated on software held at S. Therefore none of the data or software at S is expected to be connected to the global internet. The authority uses GDS alpha/beta - the expectation is for the software to achieve alpha minimum, beta desirable. Last Updated : <strong>27/08/2024</strong> 44. To enable fielded technology support, will there be military technical staff available to perform remote updates or log collection? Yes Last Updated : <strong>27/08/2024</strong> 45. Confirmation of due date for Phase 1. As the SOR is dated from May and the due date is stated for Dec 24 for phase 1, is that still correct noting the recent release date of the SOR. The SOR provides outline dates for phases 1, 2 and 3. A detailed breakdown of requirements and expected completion dates for phase 1 are under the Payments section. Last Updated : <strong>27/08/2024</strong> 46. Do you have a list of data sources you anticipate the platform ingesting from, or is determining that part of phase 1 The authority holds a number of data sets, however the aim of phase 1 is to identify more. Last Updated : <strong>27/08/2024</strong> 47. Is the tool a standalone application or will it be integrated into a wider system of tools? i.e. is the ISAT being delivered as an API and the API will be used by already developed tools? The tool should be developed as a standalone environment but with a RESTful API for it to be intergrted with wider systems when required. The authority sees the tool as a set of loosely coupled standalone software packages which all allow for interoperability by APIs. As a rule of thumb, all functions and all data forming the set should be exposed via each softwares API. The authority has conducted internal breakdowns of the requirement sets into a set of proposed softwares, these will be given to the winning supplier to help clairfy the ask and the intent. It is expected that the supplier will likely wish to revisit this break down according to their experience and creativity. Last Updated : <strong>27/08/2024</strong> 48. On what operating system will the tool be deployed? Will it be cloud based or on local architecture? The appplication should be hosted on a Linux based cloud architecture. The softwares that form the set should target primarily linux. See clarification point 5 above. Given the nature of the project, the software must be deployable offline, excluding software elements that have to scrape data from the external internet. The authority will make available linux compute and local first kubernetes cloud clusters for the supplier. Last Updated : <strong>27/08/2024</strong> 49. Can the authority provide the ISAT Doctrine as mentioned at para 4b, page 1 of the ISAT Digitalisation phase 1 document? The ISAT doctrine can be made available during the ITT process. However the ISAT process employs readily availble CARVER analysis theory, which can be found online Last Updated : <strong>27/08/2024</strong> 50. SC is mentioned in the SoR; what is the security classification of the data that will be worked on? OS or above OS? See clarification 19 Last Updated : <strong>27/08/2024</strong> 51. Please delete clarification Question 50 and replace with: SC is mentioned in the SoR; what is the security classification of the data that will be worked on? OS or above OS? See clarification 30 Last Updated : <strong>27/08/2024</strong> 52. We seem to be missing the RAR Number with the paperwork, so we can submit the SAQ. We are only at Expressions of Interest at this stage, if/where suppliers are successful at this stage, the full Tender documents will be emailed, detailing the RAR and the relevant instructions. Last Updated : <strong>27/08/2024</strong> 53. The KPIs and SLA suggest a managed service including hosting. Are we correct in our assumption? See clarification 6, 32 & 48. Last Updated : <strong>28/08/2024</strong>