Defence Online

Type of document: Contract Notice
Country: United Kingdom

1. Title: SECURITY ARCHITECTURE RESOURCE
2. Awarding Authority: Nuclear Decommissioning Authority (NDA), GB. Web:
3. Contract type: Service contract
4. Description: The Awarding Authority is looking for a supplier to provide resource with the necessary knowledge, skills and experience to help meet the demands for Security Architecture expertise across the NDA estate, on a range of projects and BAU activities. Example work packages: Network Segregation Expansion, Azure IaaS workload migration, PAW/Red Forest.
5. CPV Code(s): 72000000, 72260000, 72200000
6. NUTS code(s): UKD, UKD1, UKD11, UKD, UKD6, UKD61, UKM, UKM6, UKM61, UKD, UKD1, UKD11, UKD, UKD1, UKD12, UKJ, UKJ1, UKJ14UKK, UKK1, UKK12
7. Main site or location of works, main place of delivery or main place of performance: Location North West England
Work setup
Address where the work will take place Predominantly home based with some travel likely to the following locations:
Herdus House, Westlakes Science & Technology Park, Moor Row, Cumbria, CA24 3HU
Hinton House, Birchwood Park Avenue, Risley, Warrington, WA36GR
Dounreay Site Restoration Ltd, Dounreay, Thurso, Caithness, KW14 7TZ
Sellafield Site, Sellafield, Seascale, Cumbria, CA20 1PG
Nuclear Transport Solutions, Regents Court, Baron Way, Carlisle, Cumbria, CA64SJ
RWM, Building 329, Thompson Avenue, Harwell Campus, Didcot, Oxfordshire, OX11 0GD
Magnox Ltd, Oldbury Technical Centre, Oldbury Naite, Thornbury, South Glos, BS35 1RQ
Pelham House, Pelham Drive, Calderbridge, Cumbria, CA201DB
8. Reference attributed by awarding authority: Not provided.
9. Estimated value of requirement: Budget range £2- £3 million over 2 years
10. Closing date for applications 7.9.2021 (23:59).
11. Address to which they must be sent: For further information regarding the above contract notice please visit
12. Other information: Deadline for asking questions Tuesday 31 August 2021 at 11:59pm GMT
Latest start date Monday 1 November 2021
Expected contract length 2 years
About the work
Why the work is being done The NDA is 3 years into a Cyber Security and Resilience Programme, which is implementing change across all of its 8 operating companies.
A key component of CSRP is the establishment of a Security Architecture resource contract, which will provide operating companies with access to contract Security Architecture resources aligned to CIISec roles.
Contract Security Architecture roles will be used for BAU as well as project activity to support operating companies in the delivery of their objectives.
Problem to be solved Support the Cyber Security teams at NDA operating companies by providing architectural security advice, leadership and governance to programmes, projects and BAU activity and:-
Advise on security architecture designs for proposed systems and changes
Development of Security Architecture Polices, Principles, Patterns and Standards
Making and guiding effective decisions for highly complex architectures both on premise and in cloud environments
Articulating the impact of vulnerabilities on existing and future designs and systems to senior stakeholders
Advising on security concepts at a technical level across multiple projects, working with security tools, network security infrastructure technologies, and information security management frameworks
Who the users are and what they need to do As the lead for this work within the NDA , the CSRP Programme Manager will coordinate this activity and work but the work itself will be conducted for one of the 7 NDA operating companies.
Early market engagement
Any work that’s already been done
Existing team The supplier will work as part of the CSRP team, which is made up of a combination of NDA staff, contractors and other suppliers that are responsible for CSRP related services. The supplier may encounter other suppliers as they engage with NDA businesses, who have their own support teams and security services in place.
Current phase Discovery
Working arrangements Predominantly Home based working in the short term with on-site work at the discretion of the operating company.
The supplier PM and key personnel will be expected to be routinely available with CSRP daily stand-ups by conference call. Online communication is inevitable given the geographic spread of NDA sites
Security clearance SC minimum (or equivalent) and personnel may need to go through NDA clearance checks
Additional information
Additional terms and conditions Current forward demand for Security Architecture resource is in some cases indicative, any potential supplier is expected to provide flexibility within the contract to allow for periods of high and low demand
Skills and experience
Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.
Essential skills and experience
Recent experience (within the last 2 years) of placing Technical Security Architects/Senior Security Architects into delivery teams in government or Critical National Infrastructure
Evidence of supporting architecture functions in shaping the overall security architecture for portfolios, programmes and projects using open standards (such as TOGAF)
Evidence of providing architectural security advice to portfolios, programmes and projects for both OT and IT environments
Evidence of developing, documenting and maintaining security-architecture, policies and procedures, Security risk assessments. Conduct internal security-audits/remediation. Manage external security-audit. Ongoing skills-transfer and documentation.
Designing, delivering, securing cloud based security architecture. Ensuring security controls are appropriate to mitigate, minimise, treat discovered risks. Technical assurance to ensure compliance with security architecture, covering new/legacy systems
Ability to deliver an Agile project, using relevant programme tools
Ability to work with CSRP and operating companies to track and plan out forward work load across the NDA group.
Nice-to-have skills and experience
Experience in NDA/ONR environment
Already SC Cleared Personnel
How suppliers will be evaluated
All suppliers will be asked to provide a written proposal.
How many suppliers to evaluate 5
Proposal criteria
Essential Skills and experience
Ability to meet project start and ongoing timeframes
Value for Money
How the proposal and approach meets NDA objectives and needs
Cultural fit criteria
Work as a team with our organisation and other suppliers
Be transparent and collaborative when making decisions
Willingness to share wider knowledge and experience
Payment approach Capped time and materials
Additional assessment methods
Reference
Presentation
Evaluation weighting
Technical competence
60%
Cultural fit
20%
Price
20%
Questions asked by suppliersCan the Authority please confirm the expected team size that the winning tenderer will need to provide? Role Group Magnox NDA CC SL DSRL NTS LLWR RWM
Senior Sec Arch 4 44 2 44 10 4 4 4
total 116 days average per month
Minimum Number of Resources0.2 2 0.2 2 1 0.2 0.2 0.2
Total is 6 people
Log in to ask a question
TKR-2021825-EX-1677620