Published date: 18 February 2019
Last edited date: 20 May 2021
Awarded contract - This means that the contract has been awarded to a supplier.
Contract summary
Industry
IT services: consulting, software development, Internet and support - 72000000
Location of contract
FY4 5ES
Value of contract
£160,000
Procurement reference
tender_193392/747270
Published date
18 February 2019
Closing date
17 December 2018
Closing time
5pm
Contract start date
17 December 2018
Contract end date
16 December 2020
Contract type
Supply contract
Procedure type
Call-off from a framework agreement
A mini-competition or direct purchase from a pre-established framework agreement.
Contract is suitable for SMEs?
Yes
Contract is suitable for VCSEs?
No
Description
Delivering Apps to Smartphones is a key element of transforming the digital workplace and providing colleagues with modern solutions which enable them to be more efficient and effective. To date the delivery of Apps to the DWP store has been slow and/or resulted in apps being declined due to primarily to security concerns and lack of the right tools and internal capability to be able to assess and understand app behaviour.
In a global landscape where we have new vulnerabilities continuously emerging, we have the opportunity to secure an 'App Threat Assessment' from a third party.
Options Considered
The desired outcome is:
New apps added to the DWP App store in volume and at pace. User experience enhanced and colleagues have a wider range of apps to improve productivity
Security risks reduced
Two options have been considered and tested:
Internal Service: A test rig was developed which identified which IP addresses each app accessed. Whilst this provided some helpful information, it did not provide an assessment of
If/what data is being transferred/leaked out of DWP;
Which phone services are being used by the app e.g. blue tooth, location services etc.
any underlying and/or unexpected behaviours being performed by the app
This resulted in a considerable amount of residual product and security team effort which in a number of cases failed to determine the associated risk due to a lack of visibility of app behaviour.
External, expert service: In 2017, as a proof of concept 3 apps were sent for review by 4 suppliers, specialising in threat assessments. Each supplier provided a comprehensive threat assessment which will enable DWP to make an informed assessment of each app within 24 hours of request. The security community as well as the product team were impressed with the granularity of detail provided.
Doing nothing would expose the department to security risks or lost data. Therefore external procurement is recommended.
More information
Attachments
-
- Project_21728 Applications Threat Service -REDACTED.pdf
- Tender notice
- n/a
Award information
Awarded date
17 February 2018
Contract start date
17 December 2018
Contract end date
16 December 2020
Total value of contract
£160,000
This contract was awarded to 1 supplier.
KRYPTOWIRE LLC
Address
8200 GREENSBORO DRIVE SUITE 875 VIRGINIA USA
Reference
No reference - other
Supplier is SME?
Yes
Supplier is VCSE?
No
About the buyer
Contact name
Richard Hughes
Address
Peel Park
Blackpool
FY4 5ES
England
Telephone
01253 689866
Share this notice
Closing: 17 December 2018, 5pm
All content is available under the
