DVSA Commercial Vehicle Services Digital Delivery Partner

Description

Summary of the work DVSA have a requirement to replace legacy IT systems supporting the vehicle testing service. The digital delivery partner will develop and transition to a new digital service, whilst implementing service improvements for our users and customers. Please email CVSProject@dvsa.gov.uk to obtain a copy of the Requirements document. Expected Contract Length 10 - 15 months Latest start date Monday 6 September 2021 Budget Range Budget up to a maximum ceiling of £9m, excluding VAT. Why the Work is Being Done The vehicle testing operating model has evolved over time but there has been no change to the underlying technology and systems that support delivery of the service. This has resulted in manual workarounds, inefficiencies, data quality issues and a user/customer experience that is open to improvement. The service is currently delivered using an old legacy IT estate which is provided by a 3rd party under contract. DVSA have a requirement to reduce the risk posed by the current legacy systems, modernise the IT solution and exit the contract as soon as possible. The project provides an opportunity to re-design and re-develop the service so that it better meets user needs, for both our internal and external users. Problem to Be Solved The intention is to enable the decommissioning of legacy systems whilst modernising the digital solution; in doing so, align to the current operating model, reduce errors, increase the timeliness of data, better enabling our capacity to prevent non-roadworthy vehicles from operating. Customer benefits will include on-line services, improved payment processes and transparency in test information. Project investment objectives are. • The requirement to modernise the back-end infrastructure and move away from the existing IT contracts • The desire to provide a modern IT service to frontline and support staff • The need to improve our customers’ experience, for example in reducing processing times through modernised on-line services • A need to improve data capture, management information and data quality • The need for flexibility and agility to quickly respond to future needs of the service, changes to ways of working and to further improve road safety Seamless transition to the new service is necessary for our users. We will need expertise with end-to-end Service Design which will include off-line service components. The Project is re-designing the complete CVS service. We will need expertise with service transition and business change management to deliver the new services into the DVSA and Industry. Who Are the Users We have an advanced understanding of our users and their needs gained through insight sessions across our customer base including our own internal DVSA users. Personas have been developed and results documented. External primary users include, Authorised Testing Facility (ATFs) providers, Vehicle operators, manufacturers, builders as well as one off and repeat customers who require specialist vehicle tests, such as Dangerous Goods or Individual Vehicle Approval. Secondary users include, DfT, DVLA, DVA, TfL, Vehicle repairers, Road haulage and Passenger Vehicle Trade Associations. User requirements, include. • Making payments for test periods and other services • Applying for, paying, and booking specialist tests • Access to data, for legal, business management, road safety or environmental reasons, such as the availability of annual test and vehicle emission data for enforcement purposes Our internal customer base includes, frontline vehicle testing staff and back-office vehicle testing supporting teams. User requirements, include. • Creating, reading, editing, and deleting test results, technical and other records • Financial payment processing, reconciliation, and data management Early Market Engagement An engagement presentation was provided to interested suppliers on 24th March 21 with a clarification period through to the end of business on the 29th March 21. Q&A’s were published on 7th April 21. Please email CVSProject@dvsa.gov.uk for a copy of the pre-engagement information, including Q and A's and presentation recording, as required. To be viewed in conjunction with the requirements document. Work Already Done Beta work has been carried out on the CVS solution. An iOS application has been completed, called Vehicle Test Application (VTA), which is used in “Live” by DVSA’s vehicle assessors. Four further digital products that will constitute CVS have been identified and some work across these products has begun. We have a target technical architecture model. We have a view of the products that will be needed to provide the CVS service, in addition to which there is integration work, data migration and MI / reporting. We want to maximise use of as much of the completed work as possible. Existing Team The DVSA team will include. • Programme/Project Management. • Service Owner - with responsibility for the coherence of CVS. • Product Owners - will work with the technical teams to provide domain expertise, prioritisation of the work to ensure that it tracks to agreed outcomes. • Delivery Manager - will work closely with the supplier teams within the technology delivery ensuring that DVSA understand progress, work completed and delivery transparency. • Profession leads - covering Software Engineering, Platform Engineering, Solutions Architecture and Service Design. These roles will provide standards, assurance and share expertise as required through to Continuous Improvement Current Phase Beta Skills & Experience • Detail your experience, within the last 3 years of successfully delivering complex large-scale digital transformation projects which incrementally transition the service to modernised technology, whilst delivering value early. • Please detail your experience, within the last 3 years of designing and delivering digital services in accordance with the GDS service standards (or equivalent) including accessibility standards and digital support. • Detail how you approach planning and estimating large-scale digital deliveries, how you make these plans clear and how you communicate progress to customers. • Please detail your experience of user-centred Service Design and the practices and techniques that support this. • Please detail your experience using service and product visions, and in successfully facilitating shared understanding across multiple delivery teams through appropriate Agile practices. • Please detail your experience of managing technical dependencies between multiple teams ensuring that they have an integrated and releasable increment of software per iteration. • Please provide an example, within the last 3 years, detailing your experience and practices you have used to support building quality into digital delivery. • Please provide an example, within the last 3 years, detailing your experience of modern software development practices for a microservices architecture. • Please detail your experience of integrating new products into an existing architecture model. • Please provide an example, within the last 3 years, detailing your experience of general infrastructure tools and IaC tools including Jenkins, Terraform, Kubernetes, Azure DevOps, Azure Pipelines. • Detail your experience with AWS platform technologies: Amazon SQS, Amazon S3, Amazon SNS, SES, RDS, DynamoDB, Dynamo Stream, AWS Lambda, Amazon API Gateway and/or how you would provision this experience. • Please detail your experience and expertise with Microsoft Dynamics including: Dynamics Portals (PowerApps) and Liquid Templates, Dynamics CE, Dynamics URS, Dynamics BC and/or how you would provision this experience. • Please detail your experience with programming languages and frameworks including: JavaScript (Angular, Typescript, Node.js), .NET Core, C#, HTML/CSS and/or how you would provision this experience. • Please detail your experience with data migration tools and technologies including: Python, DMS over DirectConnect, DynamoDB, Dynamics and/or how you would provision this experience. • Please detail your experience with security and monitoring tools including: Incapsula WAF, Alert Logic, Amazon Guard Duty, AWS X-Ray, Amazon CloudWatch, Grafana and/or how you would provision this experience. • Please detail your experience with DVCS and repos including: Git, Code Commit (AWS infrastructure Data Pipeline Code), Azure Repository (Azure Components), Key Vault, AWS Secrets Manager. • Please detail your experience in creating, maintaining and improving automated development pipelines using tools such as GitHub, Maven, Nexus, Jenkins, JIRA and Confluence and automated testing frameworks. • Please detail your experience with automated test tools including: Java, Selenium, Cucumber, Maven, BrowserStack. • Please detail your experience working with Security Good Practice. This means compliance with NIST-800 and due consideration of NCSC & other HMG requirements (e.g. Cyber Essentials Plus). Nice to Haves • Please detail your experience in maintaining software currency throughout the Project lifecycle. • Please detail your experience of transitioning from a Project into a BAU service. • Please provide evidence of collecting and using customer (buyer) feedback for a large-scale delivery. • Please detail your experience of forming remote-first teams and describe remote working practices which support the team through the stages of group formation • Please detail your experience of release planning for a multi-product service. • Please detail your experience of working with Assurance partners/specialists to create a collaborative and positive dynamic to ensure good outcomes for the delivery. Work Location The project will be based in DVSA/Government offices in Nottingham. Initially this will be the Axis Building, 112 Upper Parliament Street, Nottingham, NG1 6LP. DVSA would expect supplier staff delivering the outcomes to spend a significant part of the working week at the Nottingham location. Travel to other locations may be required. Working Arrangments The Supplier is required to support the DVSA during normal opening hours (Monday to Friday 07:00 to 19:00), whilst covering deployment activities outside normal working hours. DVSA will provide a separate Delivery Assurance team (to be procured). This team will work with the DVSA profession leads and span across the disciplines required for successful technology delivery. The team will work collaboratively with the supplier as part of the delivery team. These roles seek to assist in building quality into the delivery across the specialisms. This will involve close collaboration, coaching and problem solving as part of the delivery team. Security Clearance All individuals must have Baseline Personal Security Standard (BPSS). Any individuals in Administrator roles, with access to bulk live data and/or with access to key front facing systems must be confirmed as holding an UK Security Clearance (SC). Security clearances will be at the supplier’s cost and time. Additional T&Cs Supplier travel and accommodation to the location where the work will take place (Nottingham) will be at the supplier’s expense. Travel, accommodation, and expenses to other sites, as required, must be pre-agreed between the parties and must be in line with the DVSA Travel and Subsistence (T&S) Policy. Further, detailed information will be provided to shortlisted Suppliers at the relevant stage of the procurement process. The full Statement of Requirements together with additional Beta information will be provided to shortlisted suppliers. No. of Suppliers to Evaluate 5 Proposal Criteria • How will you approach the Beta to ensure the outcome meets the CVS goals, benefits and user-needs within timescale and cost (5) • What team structure, roles and skill-sets do you propose? Include profiles/CV's and experience for key role holders. What is the availability, pause capability and ability to meet the security clearance(5) • Proposal for providing teams that have worked together previously, with track record of success(2.5) • Proposal for mobilisation, on-boarding and ramp-up of teams into the project(2.5) • The proposed Agile approach, how teams will produce an integrated and releasable increment of code per iteration(5) • How will technical dependencies and communication be managed across teams?(2.5) • How is risk managed by this approach?(2.5) • What are the key artefacts for the delivery and what is their purpose?(2.5) • What metrics will you report and how will the work and time remaining to complete be estimated and tracked?(2.5) • How will you deliver the technology requirements for this delivery and re-use where possible?(2.5) • Detail development pipelines and path-to-live including any gaps identified(5) • Detail innovation in technical tooling and/or practices that will benefit the delivery(2.5) • Proposal for participating with ITHC planning and support, participation in risk assessment and remediation activities(2.5) • Alerting DVSA to emergent security and data protection risks and owning and managing risks where appropriate(2.5) • Describe how you will build quality into all stages of the delivery(5) • Detail the behaviours required from teams for a robust approach to quality. Explain how you will encourage and coach for these behaviours(5) • Detail metrics or measures that you have used to help teams build quality into a delivery(5) • How will you approach managing across the interests of internal and external stakeholders in a complex environment(2.5) • Describe the approach to service transition and hand-over(2.5) • Social Value: Please respond in writing to demonstrate your planned action to support health and wellbeing, including physical and mental health, in your workforce for this contract(4) Cultural Fit Criteria • How would the supplier achieve a collaborative way of working as part of a wider project team, including other suppliers. How does this create a partnership?(5) • How will the supplier ensure openness and transparency within their teams, with the DVSA and with any other delivery partners?(5) • Proposed approach to ensure the transfer of knowledge and experience with the DVSA throughout this project(5) • Agile values and principles are referenced as a clear part of the supplier culture(5) Payment Approach Time and materials Assessment Method • Case study • Reference • Presentation Evaluation Weighting Technical competence 65% Cultural fit 15% Price 20% Questions from Suppliers 1. Who from your team will be scoring applications for this opportunity and what positions do they hold? The evaluation panel will be made up of the following roles. -Head of Digital Services -Head of Delivery Management – CVS -CVS Digital Service Owner -Head of Service Design & User Research -Principal Developer -Head of Information Management, Security & Assurance -Finance Business Partner DVSA reserve the right to change panel members should the need arise. 2. Who is the incumbent and how long they have been the incumbent? The initial Beta phase ran from September 2018 to November 2020. The project worked with Deloitte Digital during this phase. 3. Can you please advise the timelines of this procurement (e.g., shortlisted companies notified, anticipated contract award)? Also, can you confirm if shortlisted suppliers will have the opportunity to present? The following outlines the key dates for the competition. -Clarification Period end - 5th May 2021 -Tender responses closed - 12th May 2021 -Shortlisting Completed - 19th May 2021 -Notification of Shortlist Candidates - 20th May 2021 -Submit follow up documentation - 13th June 2021 -Evaluation Period - 14th - 25th June 2021 The customer may change this timetable at any time and potential suppliers will be informed if changes to this timetable are necessary. A presentation of the proposal will form part of the evaluation for shortlisted suppliers. 4. Could the Authority share the procurement timeline for shortlist, evaluation, presentation, and award? Key Competition dates:-Clarification Period end - 5th May 2021 -Tender responses closed - 12th May 2021 -Shortlisting Completed - 19th May 2021 -Notification of Shortlist Candidates - 20th May 2021 -Submit follow up documentation - 13th June 2021 -Evaluation Period - 14th - 25th June 2021 -Award- early August, subject to internal governance procedures. A presentation of the proposal forms part of the evaluation for shortlisted suppliers between 14th – 25th June. Shortlisted suppliers will be informed of the presentation date when receiving the shortlisting notification (20th May). Timeline subject to change at any time, suppliers will be informed. 5. Are suppliers permitted to use multiple examples (e.g. for requirement 18, where multiple automated test tools are required)? Yes, multiple examples are permitted. 6. The reference to the ‘Four further digital products that will constitute CVS’ – what stage are these products at and will the successful supplier undertake their end-to-end design/development? The products are at different stages. This is an Agile delivery, and we are expressing the outcomes required rather than defined scope for several known products. The Requirements document (please email CVSProject@dvsa.gov.uk for a copy of the Requirements document) details the outcomes for each CVS Service Milestone with reference to the capability required across the identified products. The technology stack to be used for the products has been decided along with high-level architecture and design. This is detailed in the Requirements document. 7. Experience working with Security Good Practice question. Are you referring to any specific security guides, or just security practices in general? This means compliance with NIST-800 and due consideration of NCSC & other HMG requirements (e.g. Cyber Essentials Plus). 8. We understand that “Security clearances will be at the supplier’s cost and time.” Are DVSA content to sponsor security clearances providing suppliers cover the costs? Yes, DVSA will provide sponsorship if needed. 9. In Q20 what do you mean by “software currency”? Keeping software versions current, specifically the experience a supplier has with strategies to assess the quality and health of Open-Source 3rd party dependencies and best practice in dependency management (with a particular focus on security), managing Language and Framework upgrades and dealing with deprecated and or removed functionality in integrations. 10. Can you please confirm that in all of these questions you want to receive an example of a single historic client engagement where we have carried out these essential or nice-to-have requirements. It is just that some of these questions can be read in different ways. Please use multiple examples and information as necessary to evidence the criteria. 11. To help us understand the right level of technical approach and detail we would be grateful if you can tell us the positions of the people who will be marking and moderating these answers. Will it be procurement people, operational, technical or a combination? The evaluation panel will be made up of the following roles. • Head of Digital Services• Head of Delivery Management – CVS• CVS Digital Service Owner• Head of Service Design & User Research• Principal Developer• Head of Information Management, Security & Assurance• Finance Business Partner DVSA reserve the right to change panel members should the need arise. 12. We would like to better understand your question “Please detail your experience in maintaining software currency throughout the Project lifecycle.”We define of software currency as the following – please correct us if this is incorrect:The practice of maintaining the software, its dependencies and integrations for the deployed solution to ensure maintainability, supportability, resilience and security.Question: At which of the following levels are you defining software currency? --Large SaaS versioning (e.g. Dynamics) --Platform dependencies (e.g. Oracle, AuroraDB, Informatica) --Component dependencies (e.g. CMS, React, Ionic) --Internal API versioning (e.g. for microservices) --Language versioning (e.g. Terraform, C#, Python, Java) This is a good definition. We did not mean API versioning; this question is about the experience a supplier has with strategies to assess the quality and health of Open-Source 3rd party dependencies and best practice in dependency management (with a particular focus on security), managing Language and Framework upgrades and dealing with deprecated and or removed functionality in integrations. 13. In reference to “support building quality into digital delivery.”, is there any specific quality area that you would like demonstrated? We’re interested in how quality is built-in from design and through development rather than being considered as a separate phase. How you ensure that teams have a releasable increment of software per iteration. 14. Please provide evidence of collecting and using customer (buyer) feedback for a large-scale delivery’ Could you please clarify what DVSA means by customer (buyer) please? This means feedback from your end customer at the organisational level e.g. contract manager or senior stakeholder and how you have used this. 15. Please provide evidence of collecting and using customer (buyer) feedback for a large-scale delivery”, is the buyer looking for evidence of gathering formal feedback from key/senior stakeholders, or e.g. DVSA staff/user feedback as part of research and testing? This means feedback from your end customer at the organisational level e.g. contract manager or senior stakeholder and how you have used this. 16. “Please detail your experience in maintaining software currency throughout the Project lifecycle”, is the buyer referring to software that has been developed and is in BAU, or software that is part-way through the development lifecycle? Keeping software versions current, specifically the experience a supplier has with strategies to assess the quality and health of Open-Source 3rd party dependencies and best practice in dependency management (with a particular focus on security), managing Language and Framework upgrades and dealing with deprecated and or removed functionality in integrations. 17. Please detail your experience using service and product visions, and in successfully facilitating shared understanding across multiple delivery teams through appropriate Agile practices”, is the buyer looking for examples where a supplier has helped shape a service/product vision (i.e. through service design), or where a supplier has taken on an existing “vision” (i.e. taken on established artefacts and concepts from the client or another supplier)? Either of these could make good examples as long as it is clear how shared understanding is then achieved across multiple delivery teams. 18. In five questions we are asked how we would “provision this experience”. Can you please expand upon what you mean by this phrase and what you are looking for. By ‘provision’ in this sense we mean to provide or supply something. If you have this experience in-house, then let us know. If not and you need to obtain the experience from elsewhere, we want to know if you have an established route, how you have done this in the past or intend to do it. 19. Can the buyer confirm that ethical walls are in place relating to those suppliers who have been involved in determining the scope of work covered by this procurement? DVSA have instilled management processes, barriers and disciplines that have created a zone of non-communication and separation between Members of the Bid Team and Members of the Operational Team to ensure conflicts of interest do not arise that could otherwise give an unfair competitive advantage to the Contractor in the Procurement Process. 20. Please confirm which roles you envisage the successful Delivery Assurance bidder to provide? The external roles we envisage to provide assurance are:• Lead Software Developer • Lead Quality Assurance • Solution Architect • DevOps Engineer• Agile BA• IMS Security role• Technical Architect These roles may change and may be sourced from more than one supplier. 21. Will DVSA provide departmental sponsorship for SC roles? It is acknowledged that the SC application will be at the suppliers cost and time. Yes, DVSA will provide sponsorship if needed. 22. How will price evaluation at 20% be calculated (e.g. total team profile cost, rate card etc)? Price will be calculated in accordance with the published guidance on the DOS5 framework. https://www.gov.uk/guidance/how-to-score-digital-outcomes-and-specialists-suppliers 23. Can you please confirm how you are ensuring fair competition across price – the incumbent, and those involved in scoping the procurement, will naturally have lower project initiation costs (even though the contract has expired)? Scoring has been heavily weighted towards technical ability and cultural fit. Price is set at 20% of the score within a disclosed budget range, which will reduce the impact of any small variance that could exist in initiation cost. 24. Question 19 on Security Good Practice, is evidence of working with Cyber Essentials Plus sufficient or do we have to provide evidence of working with NIST 800 too? We want evidence of compliance with NIST-800 but will except NIST-CSF. CE+ is compatible with NIST-CSF but you would need to show evidence beyond the minimal standard of CE+. 25. Question 19 on Security Good Practice, is evidence of working with Cyber Essentials Plus sufficient or do we have to provide evidence of working with NIST 800 too? We want evidence of compliance with NIST-800 but will except NIST-CSF. CE+ is compatible with NIST-CSF but you would need to show evidence beyond the minimal standard of CE+. 26. Are we able to sub contract parts of the requirements to near shore/off-shore teams if we are transparent at tender stage the subcontractor details etc? Subject to security checks and access levels, a supplier may propose the approach they think is most appropriate, including near/off-shore. Please be transparent at tender stage. Please refer to the CVS Requirements document (as referred to in the advert) as this covers near-shore and off-shore in far more detail. This is available by contacting CVSproject@dvsa.gov.uk 27. Can you please advise if TUPE is in scope for this contract? For this contract there will be no TUPE requirements. 28. With reference to the following requirement “Please detail your experience of integrating new products into an existing architecture model”. Can you please clarify how you are defining “new products” in this instance? For example, does it refer to a Commercial Off The Shelf product or a newly completed feature? We mean ‘product’ in the general sense of how this is used in Agile development. A new product could be CotS or it could be bespoke. 29. Will the scores from the evidencing round be taken through to final evaluation? Or, will they only be used for the purposes of down-selecting suppliers? Scoring during stage 1 of the process will be used to arrive at the required number of shortlisted suppliers to evaluate. This will not automatically flow through to the evaluation stage but may be referred to should there be a tie at top score following evaluation. 30. With reference to your following clarification response “A presentation of the proposal will form part of the evaluation for shortlisted suppliers”. How will the presentation be evaluated and how will it affect scores from the proposal? Shortlisted suppliers will be asked to present and explain their proposals, time will be included for clarification questions. Scoring will be based on the proposal and cultural fit criteria and a single score given across written and presentation evidence. 31. Will the buyer facilitate shortlisted bidders to evaluate the quality or otherwise of what has been delivered to date (particularly in Dynamics) by the incumbent? Yes, as far as possible. We will be able to share demo versions where these are available, GitHub links to our code where we have these, and we hope to be able to make the Azure repos accessible to shortlisted suppliers for Dynamics. All shortlisted suppliers will be required to complete a Non Disclosure Agreement prior to DVSA sharing the above information.