Technical Delivery Partner

Description

About adding context and requirements test Work done so far The Agency have been supported thus far by our Strategic Partner who has aided ICI in developing a business vision, target operating model, and early draft Technical Strategy. These design artefacts are currently at a minimum of OFFICIAL SENSITIVE and will be provided to the successful bidder. Which phase the project is in Not applicable Existing team The ICI Transformation Programme is being formed via a combination of Crown Servants, consultancy expertise in business design and architecture, and contingent labour specialists. The supply chain consists of the in house DDaT Special Operational Services function, responsible for infrastructure and platform services to ICI. The evaluation of the bids will be conducted by Crown Servants and relevant SMEs within the business, all measures have been undertaken to prevent insider advantage. Address where the work will be done The vast majority of the work will be delivered at the Agency’s current London site (Vauxhall) with the expectation that some work will also be required at our Warrington site. For awareness, the NCA will be relocating from Vauxhall to a new a new site within the M25 corridor by 2025. Remote working may be applicable depending on the SOW. Working arrangements The resource provided by the TDP will be expected to be available during the typical working hours of the NCA ICI team (Monday to Friday 9am to 5pm). Interactions with the ICI team will either be on-site or virtually via MS Teams. There could be potential for weekend working, however this will be agreed during SOW development (and additional cost for overtime and T&S will be included in SOW). Provide more information about your security requirements: Security Check (SC) Provide more information about your security requirements: Developed Vetting (DV) Provide more information about your security requirements (optional): Initially, a pool of candidates with Security Check (SC) and Developed Vetting clearance is required as a minimum. Following contract award, the supplier must be willing to put candidates through the SC Enhanced clearance process which will be sponsored by the Customer. Latest start date 2023-04-21 Enter the expected contract length: 2 years Extension period: 1 year Special terms and conditions Official Secrets Act 1911 to 1989 and S182 of the Finance Act 1989 (details will be provided to successful bidder prior to contract award) Special terms and conditions Contractor's Staff (details will be provided to successful bidder prior to contract award) Special terms and conditions Publicity and Branding (details will be provided to successful bidder prior to contract award) Special terms and conditions Freedom of Information (details will be provided to successful bidder prior to contract award) Special terms and conditions Security Measures (details will be provided to successful bidder prior to contract award) Special terms and conditions Security Requirements and Information Security (details will be provided to successful bidder prior to contract award) Write the term or acronym: ICI Write the term or acronym: TDP Write the term or acronym: UKIC Write the term or acronym: DDaT Write the term or acronym: SOW Write the term or acronym: RFP Write the term or acronym: CDLI Write the term or acronym: SOC Explain the term or acronym: Integrated Communication Intelligence Explain the term or acronym: Technical Delivery Partner Explain the term or acronym: United Kingdom Intelligence Community Explain the term or acronym: Digital, Data and Technology Explain the term or acronym: Statement of Work Explain the term or acronym: Request for Proposal Explain the term or acronym: Communications Data Lawful Intercept Explain the term or acronym: Serious and Organised Crime Are you prepared to show your budget details?: Yes Indicative maximum: 8,250,000.00 Indicative minimum: 0 Provide further information: Indicative Total Contract Value (for 2+1) is up to a maximum £8,250,000.00 (£2,750,000.00 per year). The TCV is the limit of liability (LoL) and there will be no minimum spend commitment over the term of the contract. Any commitment to spend will be via Statements of Work (SOW) which are agreed to by the customer, up to the maximum LoL. The contract will use a SOW mechanism to agree work-packages, whereby the customer (in some cases with the TDP’s support) will develop a request for proposal (RFP) and in response the TDP will produce a SOW that describes how it meet the customers needs outlined in RFP. Once agreed the SOW will be signed by the customer following internal approvals . Confirm if you require a contracted out service or supply of resource Contracted out service: the off-payroll rules do not apply Summary of work The National Crime Agency require a Technical Delivery Partner to provide the requisite technical skills to support the transformation of its Integrated Communication Intelligence capability. Where the supplied staff will work North West England Where the supplied staff will work London Where the supplied staff will work No specific location (for example they can work remotely) Who the organisation using the products or services is National Crime Agency Why the work is being done Integrated Communications Intelligence (ICI) is part of NCA’s Intelligence Collection capability, and is responsible for gathering, understanding and assessing the digital communications of the most serious and organised criminals harming the UK. To combat the continual evolution in criminal use of communication technology and support the NCA and policing partners to tackle ever more complex digitally enabled criminality, ICI is transforming from a set of interdependent Investigatory Powers Act enabled business areas to a coherent Criminal Communications Intelligence function. This will include a complex multiyear change across people, process, facilities and technology. ICI will maximise the yield of intelligence by creating a multi-source, multi-functional capability operating at OFFICIAL up to TOP SECRET that will systematically infiltrate all forms of criminal communications and produce mission impacting intelligence. The ICI team is enabled by technology across all aspects of the business workflow, from tasking and mission management through to data analysis and intelligence reporting. Unfortunately, much of this technology has passed end of life and/or is not fit for the ‘data age’. Working in partnership with NCA DDaT, ICI needs to deliver and maintain the technical ecosystem to keep pace with technology change, increase data volumes, and more complex communications patterns. The business problem you need to solve ICI need to undertake a technical overhaul, bringing systems, services, and people in to the digital age, within the time period of a move to a new London Headquarters in 2025. ICI must better understand and manage data flows, ensuring maximum value can be extracted from disparate sources for mission requirements across the SOC system – from real time high risk scenarios to strategic intelligence development and target discovery. To achieve this ICI requires a Technical Delivery Partner (TDP) with the ability to scale technical services in response to demand (in the form of a customer Statement of Requirement (SOR) and responded to in form of a Statement of Work (SOW)), deliver flexible but robust infrastructure at the highest security tier, create simple and effective capabilities for the volume user, build bespoke solutions for more complex analytic needs, and maintain an always on capability level. The TDP also needs to do this with integration in mind, both internally and with external partners to ensure data and intelligence flows quickly and efficiently to the point of need, in a robust and compliant manner within the obligations of legislation e.g. Investigatory Powers Act and Human Rights Act. The TDP also needs the ability to not only quickly create capability on an ongoing basis, but to have a mature model for managing the run and maintain burden of infrastructure, applications, and digital services across core operational and DR sites. Following previous work already completed at a strategic level, the ICI will provide the TDP with a suite of artefacts, such as outline designs of minimum viable capabilities, to-be data modelling, draft business vision, target operating model, and early draft Technical Strategy. It is anticipated that the first SOW to be delivered by the TDP will be to review the artefacts (listed above) and develop a roadmap of potential TDP activity in FY23/24 and beyond, including an options paper for consideration by the customer. It is anticipated that the scope of the roadmap may include the delivery of some of the following activities (this list is estimated and non-exhaustive): • development and initial support of user facing applications for key areas such as data analysis, data enrichment, and workflow management (both bespoke and built on an existing framework) • development of APIs and integrations between bespoke and COTS applications within ICI and in external partners • data engineering effort, ensuring incoming feeds are normalised and presented to officers in an understandable manner. • build, commissioning, integration, deployment, testing, and support of infrastructure using virtualised, hyper-converged, or similar approaches. Hosting of these will be a blend of on premises and data centre. • supporting the build and provisioning of desktop IT • design and delivery of data analysis platform(s) on the new infrastructure services • design and controlled transition of applications, infrastructure, and platforms into sustained enterprise service • design and delivery of integration/transition of ICI technology in NCA enterprise services To deliver the above activities, a TDP will need to have the flexibility to provide resources across the ICI estate, at all technology layers, at all security tiers, including supporting the customer with some IT service management responsibilities if the business require. It is therefore anticipated that the skillsets required to deliver these activities will need to include the following or similar (this list is estimated and non-exhaustive): • Lead Programme Manager • Lead Technical Architect • Agile Project Manager • Quality Manager • Software Developer • DevSecOps Engineer • Enterprise Architect • Network Architect • Test Engineer • Data Architect • Security Architect • Infrastructure Architect • Cloud Architect • Infrastructure engineering • 1st, 2nd, and 3rd line application support • 1st, 2nd, and 3rd line infrastructure support Relevant technology experience in the following is welcomed but not essential: typescript, REACT, JAVA, VMware, JIRA, cloud services (AWS, Azure, other), containerisation services (e.g. Kubernetes, Docker). First user type: NCA Officers Enter more details about this user type: The primary users of services from this arrangement are officers within the ICI business who are responsible for the assessment of multiple digital collection sources. They need to quickly make judgement on the importance of data to an operational requirement, working closely with intelligence and investigative customers to draw conclusions and support onward actions. They need to be enabled to work efficiently and at pace, supported by technology in maintaining compliance with rigorous legislative requirements. They also need to be able to work with internal and external partners to understand, assess, and deliver strategic intelligence from digital collection. There are additional users across innovation, data acquisition, compliance, training, and business management functions who have unique technology needs, underpinned by the requirement for dataflow across the ICI application stack. Questions and Clarifications 0. Please can you share the number of organisations who have been invited to this first round of the tender exercise. 2730 suppliers received the published requirement for Project 10028 via RM1043.8. CCS have confirmed that the due to the filtering selections made to questions such as location of services and security clearance, the requirement was sent automatically to only those suppliers who have listed those requirements in their service provision. Last Updated: <strong>2023-02-27T14:08:56.747894Z</strong> 1. Under "Any work that’s already been done" it is mentioned that "The Agency have been supported thus far by our Strategic Partner who has aided ICI in developing a business vision, target operating model, and early draft Technical Strategy." Is it possible to understand who this Strategic Partner is and whether they are also able to bid for this Technical Delivery Partner role? We do not wish to share this detail at this time, however, the Strategic Partner (SP) is listed as a supplier on DOS 6. All steps have been taken to ensure that the SP does not have a competitive advantage and the NCA can confirm that the SP will not have access to bids received nor will it be involved in the tender evaluation exercise. Last Updated: <strong>2023-02-27T14:09:47.584551Z</strong> 2. In question 1 of the ‘Nice-to-have skills and experience’ section you have asked for public body specific examples. Would the Authority accept a Private Sector example? As this is a 'Nice to have' criteria, the Authority will only accept public body specific examples. Last Updated: <strong>2023-02-27T14:10:59.786762Z</strong> 3. Does the 750 character limit include spaces or not CCS have confirmed that the 750 character limit does include spaces. Last Updated: <strong>2023-02-27T14:11:37.736397Z</strong> 4. Does ISO/IEC 27001 Certification automatically exempt a supplier from the need to gain Cyber Essentials Plus Accreditation in addition to Cyber Essentials accreditation? If the bidders ISO/IEC 27001 ISMS Certification includes the same cyber security controls as Cyber Essentials Plus (CE+), then there is no need to obtain CE+ in addition to ISO/IEC 27001 Certification. However, ISO/IEC 27001 is a broad standard and just being accredited does not automatically mean that the bidder is exempt from obtaining CE+, the bidder must demonstrate that their ISO/IEC 27007 accreditation includes the cyber security controls listed within CE+ Last Updated: <strong>2023-02-27T14:12:49.543119Z</strong> 5. Could the Authority confirm whether or not your Strategic Partner supplier can bid for this opportunity? 2. Does the Authority consider there to be an incumbent for this work, or closely comparable work? 3. Would the Authority welcome proposals from consortia or teams of companies? 1) The Strategic Partner is a registered supplier on RM1043.8 and was sent the requirement. 2) The Authority does not consider there to be an incumbent to this work, this is a new transformation programme for capability that is over ten years old. 3)The Authority would not accept bids from a consortia or a team of companies as we require a contractual relationship with a single entity. However, a prime contractor/subcontractor model is acceptable and can be demonstrated throughout the proposal process. Last Updated: <strong>2023-02-27T14:14:19.431722Z</strong> 6. For this project, will the NCA provide the IT equipment and infrastructure or will the supplier be expected to supply? The Authority will be responsible for supplying/purchasing the IT equipment and infrastructure based on recommendations of the successful supplier via agreed Statements of Work. Last Updated: <strong>2023-02-27T14:15:19.662249Z</strong> 7. Will the NCA accept existing clearances or will the individual have to go through NCA enhanced clearance? Existing SC and DV vetting is acceptable for initial work, however, the successful supplier will need to be willing to put forward candidates for SC Enhanced to ensure continuous support over the duration of the contract. Last Updated: <strong>2023-02-27T14:16:01.066023Z</strong> 8. What are the resourcing expectations with regards to being on-site and how often (if at all)? Or can this be delivery primarily remotely? Please refer to the requirement in regards to locations and working arrangements. Where the work will need to be completed is dependent on each Statement of Work, in which the location will be agreed by both customer and successful bidder. At this moment in time we cannot determine which site will require the majority of work to be completed at or the level of work that can be completed remotely. Last Updated: <strong>2023-02-27T14:16:52.384295Z</strong> 9. Is there any scope to delay submission? There is no scope to delay submission deadline date. Last Updated: <strong>2023-02-27T14:17:26.109775Z</strong> 10. here are several different contexts that could be described as "digital communication capabilities" e.g. user digital comms like public relations websites/social media, telecommunications type digital comms or services like gov notify Can you clarify what type you are referring to here? The authority can confirm the capabilities to be developed relate to digital communications intelligence, this includes telecommunications intelligence. Last Updated: <strong>2023-02-27T14:25:53.205155Z</strong> 11. Could you please clarify and define in more detail what the authority means by “digital communication capabilities"? Do you mean experience of developing capability to produce Communications Intelligence? The authority can confirm the capabilities to be developed relate to digital communications intelligence, this includes telecommunications intelligence. The Authority means demonstrate experience of developing capabilities to derive from/exploit communications source data." Last Updated: <strong>2023-02-27T14:26:56.345284Z</strong>