10 Sep 2019

Digital Directory Services (DDS) Technical Delivery Support (ASDT0094)

Type of document: Contract Notice
Country: United Kingdom

1. Title: DIGITAL DIRECTORY SERVICES (DDS) TECHNICAL DELIVERY SUPPORT (ASDT0094)
2. Awarding Authority: Ministry of Defence – Information Systems and Services, GB. Web:
3. Contract type: Service contract
4. Description: To work on the Digital Directories Services to provide authentication and authorisation for IdAM across OFFICIAL and SECRET domains.
5. CPV Code(s): 72262000, 72261000, 72260000, 72000000, 72261000
6. NUTS code(s): UKK, UKK1, UKK15
7. Main site or location of works, main place of delivery or main place of performance: Location South West England
Address where the work will take place The Project Delivery Team is located at MOD Corsham in Wiltshire (SN13 9NR). Occasional travel to Customers may be required dependent on the need, however this will be kept to a minimum.
8. Reference attributed by awarding authority: Not provided.
9. Estimated value of requirement: Budget range £ 2.5 – 2.9 Million (Ex VAT)
Contract Value includes a Limit of Liability for T&S of £40K.
10. Closing date for applications 23.9.2019 (23:59).
11. Address to which they must be sent: For further information regarding the above contract notice please visit
12. Other information: Deadline for asking questions Monday 16 September 2019 at 11:59pm GMT
Latest start date Monday 11 November 2019
Expected contract length 24 Months Contract. Extension Options: 2 optional 3 month extensions
About the work
Why the work is being done The handling of contact information and other directory related services are currently spread across disparate systems run under various outsourced contracts. The directories service needs to:
Ensure compliance with Data Protection Legislation
Improve compliance with National Cyber Security Centre guidelines and reduce security vulnerabilities
Create a more joined-up user experience that can meet the Digital Service Standard for live service
API enable important datasets in line with the Technology Code of Practice
Enable exit from several current contracts
Improve quality of the data, including related reference data (e.g. location and organisation)
Problem to be solved UK Defence is currently supported by a disparate collection of directory services which need to be rationalised.
The Partner will develop, configure and deliver the technical aspects of a Directories service, including:
Authentication for IdAM to the Defence Gateway and Core Network across both OFFICIAL and SECRET domains
Interfacing with the IdAM solution
A service that curates and makes available contact information, including related reference data on organisations and locations.
Providing the Active Directory (AD) that can authenticate/authorise users, devices and processes – working in tandem with Defence’s IdAM service.
Who the users are and what they need to do Users of MOD’s IT system want to present their credentials once to be authenticated both to MODNet (AD) and to the Single Sign-on Service (Identity Brokering Service (IBS) part of the IdAM service).
Members of the Defence community need to be able to update and use contact information for people they need to work with.
Defence Personnel sharing SECRET information need to be able to ensure the authenticity of recipients complies with National caveats.
Users working for Defence’s Allies and Partners around the globe need to be able to consume UK Defence contact information within their own IT systems.
Any work that’s already been done Some, but not all, baseline logical architecture identifying the key systems involved in providing directory information and the AD have been documented. An architectural decision has been taken that this service will include an AD and that it will be built within MOD cloud hosting (no technology choices for the ‘white/yellow pages’ part of the service have been made at time of writing).
An accompanying IdAM service, which includes Single Sign On (SSO) for Web applications and management of digital identities (including what roles/access they are permitted) for core authority personnel is about to enter closed beta.
Existing team A project manager to oversee this activity is currently in place.
The incoming team will receive support from the wider team working on identity and directories challenges including Architects, an Engineering Lead and a Senior project manager. They will provide guidance and ensure coherence across this and related work (but not detailed/solutions architecture).
Around 20 people are currently engaged on the IdAM project working collaboratively with the existing contractors; the directories and IdAM teams will be expected to work collaboratively following SAFe delivery principles.
Current phase Discovery
Working arrangements The Partner will be expected to work full time. The IdAM delivery team works in an Agile Scrum environment under the direction of a Scrum Master (Delivery Manager) and Project Manager. Current expectations are that the Digital Directories Team will be at Corsham at least 4 days per week. Travel and subsistence expenses to attend other sites will be payable from Corsham using current Civil Service T&S practices. Locations such as but not limited to: Andover, Farnborough & Gosport.
Security clearance Potential suppliers will be expected to hold or be in the process of obtaining SC Clearance. The Authority will not reimburse costs incurred to gain SC clearance, it must be in place and remain valid for the duration of the contract.
Additional terms and conditions The successful shortlist suppliers must request a Security Aspects Letter and provide a Cyber Essentials Certificate in line with Cyber Risk Assessment Reference Number: RAR-D2EZ9E2W.
T&S will be paid on receipted actuals in compliance with MoD policy , no other expenses are permitted.
Suppliers must use the Authorities Purchase to Payment Tool called CP&F or be prepared to sign up the tool.
Suppliers must adhere to the MOD Corsham working policies.
The following Quality Assurance standards will be applicable.
Concessions Def Stan 05-61 Part 1 Issue 6
Contractor Working Parties Def Stan 05-61 Part 4 Issue 3
Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.
Essential skills and experience
Experience of successfully delivering a Directory service through a full project or development lifecycle in a large or complex organisation (including testing and deployment)
Proven and demonstrable experience of working with multi-disciplinary teams in an agile (SAFe) development/delivery environment
Experience developing large digital services that meet the Digital Service Standard for a growing community of users applying appropriate digital (Agile and user centric) methods, techniques and skills
Experience obtaining and merging information from a range of sources/systems and addressing data quality issues to provide identity, role and security attribute data supporting attribute based access control
Experience of building and testing an end-to-end digital directory service demonstrating a high level of quality
Experience in designing, deploying and operating services using public and private cloud infrastructure including up-to-date knowledge of AWS, Azure and VMWare
Experience in Active Directory solutions, including setting up forests, trees, domains and trusts for a large and complex organisation
Experience at providing Data Architecture to support solving complex problems, including: logical and physical data architectures, clear concept definitions and relationships, familiarity with x.500 directory structures
Experience of providing Data Engineering skills to merge and export large sets of data, including having addressed operational issues caused by differing quality and periodicities between datasets
Experience of DevOps Engineering – particularly automation, deploying builds, increments and releases through Continuous Integration and Deployment pipelines, as well as scripting environment builds and changes
Experience of designing and delivering Information Services with a high level of cyber and general security threat and very high criticality, and creating documents to achieve accreditation
Nice-to-have skills and experience
Experience in working within the MOD and knowledge of current Defence Directory Services
Experience of working with deployable capabilities
Experience of setting up and developing directories in conjunction with Identity and Access Management Services
Experience of designing and implementing transitional architectures to move from existing to future arrangements via a series of Minimum Viable Products and other iterative releases
Familiar with related Microsoft technologies including Azure Active Directory and Windows Hello; experience with presenting contact information to Microsoft Office 365 and Exchange users via Outlook etc
How many suppliers to evaluate 3
Proposal criteria
How you will provide the Authority with a high-quality team that embodies the required skills; in particular, why you believe the team (as a collective) will be high performing. (12%)
How you will balance being responsive/flexible to changing work demands (in terms of skills and capacity) as it progresses with the benefits of a stable and consistent team. (11%)
Indicative structure (people/roles in your proposed team and their main interrelationships), indicative profile (how team size and roles might change over time) and when they can start. (11%)
How you will identify and keep the organisation informed of risks, dependencies, issues and other considerations relevant to planning. (11%)
Your proposed approach and methodology for managing the development and transitioning of directories services: particularly how this will inform the backlog entries and priotisation of delivery and transition activities. (11%)
Proposed approach and methodology for achieving security/information assurance accreditation and maintaining it through the Agile development, including identifying threats, putting in place controls and engagement with the risk owner(s). (11%)
How you will ensure the service can meet the relevant digital service standard at various phases of development (e.g. closed beta, open beta, live). (11%)
How you will ensure that the service meets the organisation’s policy goals in terms of providing more secure Directories processes including incorporating existing policy. (11%)
Your approach to knowledge management, particularly how the Authority and its partners can support and maintain the Directories services after they have been developed. (11%)
Cultural fit criteria
Shares knowledge, experience and expertise with the Authority and other team members. (13%)
Be transparent and collaborative. (13%)
Evidence of how you foster an inclusive and professional working environment with no place for bullying or discrimination of any for. (13%)
Evidence that your organisation reflects the diversity of the country and how it attracts and retains the best talent. (13%)
Evidence of a willingness to take ownership of problems and use initiative to ensure a successful outcome. (12%)
Evidence of collaborative approach to problem solving with stakeholders from multiple organisations, including Civil Servants, other contractors and vendors. (12%)
Evidence of working successfully in an Agile manner within an organisation where some units: (particularly in relation to governance and project control processes) retain a big-design-upfront/command-and-control perspective. (12%)
Evidence of working with organisations and stakeholders with differing levels of technical expertise. (12%)
Payment approach Capped time and materials
Assessment methods
Written proposal
Case study
Presentation
Evaluation weighting
Technical competence
50%
Cultural fit
20%
Price
30%
TKR-201999-EX-1157121