Closed

Provision of Defence Cyber Protection (DCPP) Tool

Ministry of Defence, Information Systems and Services, ISS Commercial Sourcing Team · £1,800,000 – £5,000,000 · closes 16 Dec 2019

£1,800,000 – £5,000,000

Estimated value

Closed

Deadline

20 Nov 2019

Published

This tender has closed.

See what's open in software, or get contracts like this in your inbox each morning — free.

Set up free alertsOpen software tenders

About this contract

The United Kingdom Ministry of Defence will be placing a contract to replace the current Supplier Cyber Protection Tool, which enables the MOD's Defence Cyber Protection Partnership (DCPP) Cyber Security Model. The tool provides both Risk Assessment (RA) and Supplier Assurance Questionnaire (SAQ) functionality, ensuring the process can be flowed down the supply chain. The tool is accessed via the www.gov.uk website and must adhere to UK Government Digital Service (GDS) requirements for design. It uses GDS' Verify online authentication tool to authenticate some of the users. Users log in using multi-factor authentication and are taken to a dashboard showing their existing submissions and can elect to complete an RA or an SAQ. On completion of an RA, the tool calculates the cyber risk profile (N/A, Very Low, Low, Moderate or High) and advises this, together with an RA reference, to the RA author. SAQ authors respond to a specific RA using the RA reference. When flowing down, a contractor's RA (for a sub-contract) is linked back to their original SAQ response. The combination of linked RAs and SAQs provides visibility of the supply chain, for which subcontractor names will be hidden to all except their immediate customer, and to a small number of super-users within MOD. RA and SAQ authors also have options to save, continue and re-use questionnaires and invite collaboration, and anyone may produce a trial RA or SAQ. Only MOD users may initiate a top-level RA. The initial requirement is for a tool, to be delivered as a managed service, consisting of a workflow and back-end database, to replicate the functionality of the current tool, in terms of the process described above. The new tool will be hosted on the MOD Cloud (see supplementary information attached to the PQQ). Further enhancements to extend the functionality to other areas (including secure by design in product/system design and development) will be sought through the ITT process including, but not limited to, those which might offer updates on the cyber security status of particular suppliers. This is intended to be managed through a staged approach, building on the proven effective and stable operation of the baseline functionality. This requirement is specific to MOD needs, with wider Government having an interest in the output. A Commercial Exploitation Licence will be sought as part of the ITT to reflect this. Additional information: To view this notice, register as a supplier here: http://www.contracts.mod.uk/delta/signup.html?userType=supplier and search for the notice with reference 'UK-Corsham: Industry specific software package.'.

Key dates

Published20 Nov 2019
Submission deadline16 Dec 2019 Add to calendar ↓

Source

Tender documents portalOpen ↗
Source notice on Contracts FinderView ↗

Who to contact

Phone+4403067702034

Tender documents

tenderNoticeOpen ↗

Similar open tenders

Contains public sector information licensed under OGL v3.0