Published date: 20 November 2019
Closed opportunity - This means that the contract is currently closed. The buying department may be considering suppliers that have already applied, or no suitable offers were made.
Contract summary
Industry
Industry specific software package - 48100000
Location of contract
Any region
Value of contract
£1,800,000 to £5,000,000
Procurement reference
BIP80769795
Published date
20 November 2019
Closing date
16 December 2019
Contract start date
30 April 2020
Contract end date
29 April 2025
Contract type
Service contract
Procedure type
Restricted procedure
A two-stage procedure, where the first stage is used to select suppliers, who are then invited to bid in the second stage.
Contract is suitable for SMEs?
Yes
Contract is suitable for VCSEs?
No
Description
The United Kingdom Ministry of Defence will be placing a contract to replace the current Supplier Cyber Protection Tool, which enables the MOD's Defence Cyber Protection Partnership (DCPP) Cyber Security Model. The tool provides both Risk Assessment (RA) and Supplier Assurance Questionnaire (SAQ) functionality, ensuring the process can be flowed down the supply chain. The tool is accessed via the www.gov.uk website and must adhere to UK Government Digital Service (GDS) requirements for design. It uses GDS' Verify online authentication tool to authenticate some of the users.
Users log in using multi-factor authentication and are taken to a dashboard showing their existing submissions and can elect to complete an RA or an SAQ. On completion of an RA, the tool calculates the cyber risk profile (N/A, Very Low, Low, Moderate or High) and advises this, together with an RA reference, to the RA author. SAQ authors respond to a specific RA using the RA reference. When flowing down, a contractor's RA (for a sub-contract) is linked back to their original SAQ response. The combination of linked RAs and SAQs provides visibility of the supply chain, for which subcontractor names will be hidden to all except their immediate customer, and to a small number of super-users within MOD.
RA and SAQ authors also have options to save, continue and re-use questionnaires and invite collaboration, and anyone may produce a trial RA or SAQ. Only MOD users may initiate a top-level RA.
The initial requirement is for a tool, to be delivered as a managed service, consisting of a workflow and back-end database, to replicate the functionality of the current tool, in terms of the process described above. The new tool will be hosted on the MOD Cloud (see supplementary information attached to the PQQ).
Further enhancements to extend the functionality to other areas (including secure by design in product/system design and development) will be sought through the ITT process including, but not limited to, those which might offer updates on the cyber security status of particular suppliers. This is intended to be managed through a staged approach, building on the proven effective and stable operation of the baseline functionality.
This requirement is specific to MOD needs, with wider Government having an interest in the output. A Commercial Exploitation Licence will be sought as part of the ITT to reflect this.
More information
Additional text
-
To view this notice, register as a supplier here:
http://www.contracts.mod.uk/delta/signup.html?userType=supplier
and search for the notice with reference 'UK-Corsham: Industry specific software package.'.
About the buyer
Address
ISS CCT Commercial Team, Spur B2, Building 405
MOD Corsham
Corsham
SN13 9NR
UK
Telephone
+4403067702034
Share this notice
Closing: 16 December 2019
All content is available under the
