Section one: Contracting authority/entity
one.1) Name and addresses
Cabinet Office
70 Whitehall
LONDON
SW1A2AS
Contact
Chris Barlow
commercial@cabinetoffice.gov.uk
Country
United Kingdom
NUTS code
UKI32 - Westminster
Justification for not providing organisation identifier
Not on any register
Internet address(es)
Main address
https://www.gov.uk/government/organisations/cabinet-office
one.4) Type of the contracting authority
Ministry or any other national or federal authority
one.5) Main activity
Public order and safety
Section two: Object
two.1) Scope of the procurement
two.1.1) Title
Host, manage, maintain and running of The National Security Vetting System
two.1.2) Main CPV code
- 72212100 - Industry specific software development services
two.1.3) Type of contract
Services
two.1.4) Short description
This Voluntary Ex Ante Transparency (VEAT) notice relates to the provisions of services to host, manage, maintain and run Cabinet Office's UK Security Vetting (UKSV) Agency's National Security Vetting System (NSVS). This is a direct award for the services provided by the incumbent in the running of the existing NSVS system, which is a critical security system used by HMG and a significant component of this legacy system's IP is owned by the incumbent. The NSVS system sits in a highly secured accredited environment.
This legacy system is about 10 years old and is in need of transformation. The transformation programme to develop a new vetting system is separately being looked at by UKSV.
two.1.6) Information about lots
This contract is divided into lots: No
two.1.7) Total value of the procurement (excluding VAT)
Value excluding VAT: £0.01
two.2) Description
two.2.2) Additional CPV code(s)
- 72212170 - Compliance software development services
two.2.3) Place of performance
NUTS codes
- UKI - London
two.2.4) Description of the procurement
This Voluntary Ex Ante Transparency (VEAT) notice relates to the provisions of services to host, manage, maintain and run Cabinet Office's UK Security Vetting (UKSV) Agency's National Security Vetting System (NSVS). This is a direct award for the services provided by the incumbent in the running of the existing NSVS system, which is a critical security system used by HMG and a significant component of this legacy system's Intellectual Property (IP) is owned by the incumbent. The NSVS system sits in a highly secured accredited environment.
This legacy system is about 10 years old and is in need of transformation. The transformation programme to develop a new vetting system is separately being looked at by UKSV.
NSVS is faced by highly sophisticated attacks conducted by nation-states with near-limitless resources. A complex set of specific requirements are needed to help keep NSVS (and more importantly the vetting data that it holds) safe and secure, which are being developed as part of the planning for a replacement system and service. The current system is held in a high trust environment in the MoD estate, accredited to a set of standards set by the UK Government's National Technical Authorities including the National Cyber Security Centre and the National Protective Security Authority (NPSA, formerly CPNI). The system is subject to monitoring and access control procedures that are conducted by the MoD, tailored to the configuration of the NSVS system and platform.
The National Security Vetting System (NSVS) was built by the incumbent, who was consequently awarded the contract to host, manage, maintain and run NSVS. Built around its predecessor, NSVS was launched into service in 2015. The current contract includes the NSVS service provision and management approach, underpinned by their delivery model below.
The NSVS service comprises the following features:
● Service governance;
● In service management;
● Service desk;
● Information Technology Infrastructure Library (ITIL shared services);
● Data centres;
● Hosting services and event management;
● Security Operations Centre monitoring;
● Application management;
● Management of change.
In addition, the new contract provides enhanced performance management and reporting, clear exit obligations and a value for money commercial model. These new provisions will mean that the UKSV transformation programme can open up options for a long-term replacement solution for NSVS.
two.2.11) Information about options
Options: No
Section four. Procedure
four.1) Description
four.1.1) Type of procedure
Negotiated without a prior call for competition
- The works, supplies or services can be provided only by a particular economic operator for the following reason:
- absence of competition for technical reasons
Explanation:
NSVS is the only IT platform available to process requests for national security vetting that meets the requirements of both UKSV and its customers. UKSV is an important apparatus protecting the UK from attack by ensuring that suitably qualified people are appropriately vetted during the appointment process. A surge in demand caused by the war in Ukraine and a backlog due to Covid-19 placed increased pressure on the system which has delayed any meaningful transformation work. Cabinet Office has resumed work on transformation but it is not practically possible for a replacement system for NSVS, supplied by an economic operator other than the incumbent, to be procured and operational in time for the expiry of the current contract in February 2024 because:
• there are no suitable commercial off the shelf products available that would support a quick re-procurement exercise;
• replacing the incumbent with another supplier would mean replicating a very specific set of security controls and building a new environment to manage that complexity, which cannot be done before February 2024; and
• The incumbent owns essential intellectual property that interfaces with another supplier's software and systems. Any new supplier would need to build a similar interface solution to connect to multiple sources and translate data into suitable formats for the rest of the system to process which would require a considerable length of time.
four.1.8) Information about the Government Procurement Agreement (GPA)
The procurement is covered by the Government Procurement Agreement: No
Section five. Award of contract/concession
A contract/lot is awarded: Yes
five.2) Award of contract/concession
five.2.1) Date of conclusion of the contract
1 August 2023
five.2.2) Information about tenders
The contract has been awarded to a group of economic operators: No
five.2.3) Name and address of the contractor/concessionaire
CGI IT UK Limited
London
Country
United Kingdom
NUTS code
- UKI - London
Justification for not providing organisation identifier
Not on any register
The contractor/concessionaire is an SME
No
five.2.4) Information on value of contract/lot/concession (excluding VAT)
Total value of the contract/lot/concession: £0.01
Section six. Complementary information
six.4) Procedures for review
six.4.1) Review body
Public Procurement Review Service
London
Country
United Kingdom