Section one: Contracting authority
one.1) Name and addresses
Home Office
Peel Building, Marsham Street
LONDON
SW1P4DF
Contact
Robert McMullan
caidcommercial@homeoffice.gov.uk
Country
United Kingdom
NUTS code
UKI32 - Westminster
Justification for not providing organisation identifier
Not on any register
Internet address(es)
Main address
https://www.gov.uk/government/organisations/home-office
one.3) Communication
Additional information can be obtained from the above-mentioned address
one.4) Type of the contracting authority
Ministry or any other national or federal authority
one.5) Main activity
Public order and safety
Section two: Object
two.1) Scope of the procurement
two.1.1) Title
Home Office Child Abuse Image Database (CAID) Hosting and Associated Services 2 - Market Engagement
Reference number
9651
two.1.2) Main CPV code
- 72000000 - IT services: consulting, software development, Internet and support
two.1.3) Type of contract
Services
two.1.4) Short description
The Child Abuse Image Database (CAID) is the central image, video and hash store and associated applications that supports the identification of victims, depicted in Indecent Images of Children, and offenders that possess, distribute, and produce such imagery. CAID is a live critical Law Enforcement system, contracted through the Home Office. The current contract for CAID Hosting will expire March 2026 and CAID wants to re-procure these services.
two.1.6) Information about lots
This contract is divided into lots: No
two.2) Description
two.2.2) Additional CPV code(s)
- 72000000 - IT services: consulting, software development, Internet and support
two.2.3) Place of performance
NUTS codes
- UK - United Kingdom
two.2.4) Description of the procurement
The Child Abuse Image Database (CAID) is the central image, video and hash store and associated applications that supports the identification of victims, depicted in Indecent Images of Children, and offenders that possess, distribute, and produce such imagery. CAID is a live critical Law Enforcement system, contracted through the Home Office. The current contract for CAID Hosting will expire March 2026 and CAID wants to re-procure these services which include:
• providing hosted and managed scalable infrastructure to operate the CAID live and test environments,
• providing connectivity of the infrastructure to UK law enforcement, and other stakeholders, with appropriate security and encryption,
• service management to maintain and update the infrastructure, supporting capabilities and CAID application suite, and
• protective monitoring of the infrastructure, CAID applications, Databases, and other software components.
All live CAID environments must be secured to host illegal media and highly sensitive personal data that is classed as Official (SENSITIVE). The Buyer currently considers this means:
• Hosted in UK based datacentres with Police Assured Secured Facility status, including the use of Tier 1 public cloud providers.
• Separated from other tenants so that underlying infrastructure providers have no access to the CAID applications or data.
• Secured connectivity and internal zone security.
• Regular scanning for vulnerabilities.
• A holistic anti-malware solution.
• Encrypted data at rest, with customer managed keys.
• Full auditing of administration and user activity.
• Monitored via Protective Monitoring.
• Strong RBAC with granular control.
This exercise will assess the marketplace and includes,
• Details of the CAID requirement and a questionnaire will be shared with suppliers who must first sign and return a Non-Disclosure Agreement/Security Aspects Letter (NDA/SAL) before material can be released. Please email the CAID Commercial Team, by 5th June 2024, at CAIDCommercial@homeoffice.gov.uk headed, 'Home Office CAID Hosting and Associated Services 2 Market Engagement' to register your interest.
• The NDA/SAL will then be sent for signature and return to the CAIDCommercial email address so material can be released.
• An online briefing event will be held in summer 2024, for those suppliers who signed an NDA/SAL, to explain the requirement and answer questions.
• The Team may conduct virtual online sessions with interested suppliers that complete and return the questionnaire. Note-the Home Office reserves the right to not hold virtual sessions.
The CAID Team will assess the results of this exercise and if a Tender exercise is agreed on, another PIN will be issued with details of the competition and services. This is a zero value PIN for early market engagement for information only and is not a call for competition. The Home Office reserves the right not to enter a formal procurement process or proceed with contract award.
two.2.14) Additional information
This exercise aims to gain an understanding and insight into the services available and suppliers who could provide these services.
This will inform the tender process and the specification of services. Therefore, this PIN is intended to signal the start of an information gathering exercise.
CAID's Hosting and Service Management has been provided since 2014 via the Public Service Network for Policing (PSNfP) contract.
Previously legal opinion, last updated in 2020, was that due to considerable data protection and other legal concerns, CAID data should not be held on cloud hosted infrastructure and should remain within Police owned data centres. Since this advice was given there has been considerable development in both cloud hosting technology and the needs and approaches of law enforcement efforts to combat child sexual abuse and exploitation. As such, this opinion had been revisited and it is now considered that removing these restrictions can be compliant with data protection requirements.
two.3) Estimated date of publication of contract notice
25 October 2024
Section four. Procedure
four.1) Description
four.1.8) Information about the Government Procurement Agreement (GPA)
The procurement is covered by the Government Procurement Agreement: Yes