--- title: "SBRI Quantifying Insider Risk based on Public Information (Phase 1)" ocid: "ocds-b5fd17-534de89f-3b99-4f66-98f4-96cfcc42bca8" canonical_url: "https://d3tenders.com/contract/?ocid=ocds-b5fd17-534de89f-3b99-4f66-98f4-96cfcc42bca8" markdown_url: "https://d3tenders.com/contract/ocds-b5fd17-534de89f-3b99-4f66-98f4-96cfcc42bca8.md" json_url: "https://d3tenders.com/contract/ocds-b5fd17-534de89f-3b99-4f66-98f4-96cfcc42bca8.json" source: "Contracts Finder" current_stage: "Tender" buyer: "CABINET OFFICE" published: "2021-02-03" --- # SBRI Quantifying Insider Risk based on Public Information (Phase 1) Buyer: CABINET OFFICE Current stage: Tender OCID: ocds-b5fd17-534de89f-3b99-4f66-98f4-96cfcc42bca8 [View canonical contract page](https://d3tenders.com/contract/?ocid=ocds-b5fd17-534de89f-3b99-4f66-98f4-96cfcc42bca8) [Download OCDS JSON](https://d3tenders.com/contract/ocds-b5fd17-534de89f-3b99-4f66-98f4-96cfcc42bca8.json) ## Summary The Cabinet Office is currently conducting a tender titled "SBRI Quantifying Insider Risk based on Public Information (Phase 1)", focused on enhancing national security vetting. This process falls under the services category, specifically in security software development. It is set in the United Kingdom, with the tender period ending on 17th February 2021 and the contract period commencing on 8th March 2021 and concluding on 3rd May 2021. An estimated budget of up to £250,000, including VAT, is allocated for this phase of the competition, which aims to assess mechanisms for evaluating insider risk using public data sources through an open procurement method. This tender presents a unique opportunity for businesses, especially small firms, and those owned by women or ethnic minorities, to collaborate with the government on advancing security measures. Companies with expertise in data analysis, public information utilisation, and software development would be well-positioned to compete for this contract. Successful competitors may also have the chance to progress to a second phase of the project, involving substantial research and development contracts aimed at creating prototypes for real-world application. ## Notice Problem Statement The Government Chief Security Officer Dominic Fortescue launched the Vetting Transformation Programme in October 2020. National security vetting, though comprehensive, needs to become more agile, flexible and consistent to mitigate insider risk effectively for staff in especially sensitive roles that require security clearance. "Insider risk" is defined as someone who knowingly or unknowingly misuses legitimate access to sensitive information, equipment or locations to commit a malicious act or damage the reputation of their employer. We are looking to learn how we can better use public information to quantify potential insider risk for existing and prospective employees as part of national security vetting. We would like to assess the extent to which enhanced open source online content provides relevant, unique, legally compliant and potentially actionable information for people risk management purposes. We will do this by prototyping systems that collect, analyse and present this data to users and/or to application programming interfaces (APIs). We would like your feasibility study to demonstrate some or all of the following: Your access to public data sources; Your ability to resolve public digital identities of subjects across platforms; Options for a combination of usable user interfaces and APIs to be directly consumed by a case management system; Options for role-based access control and integration with Single Sign On (SSO); The ability to filter personal information related to protected characteristics such as sexual orientation, gender identity or demographics; The explainability of machine-based determinations of risk; Processes for applying human judgement in assessing and evaluating machine-scored risks; The potential of your solution to support rapid workflows at scale. Key User Need Based on the public information found about an applicant or employee, the user needs to decide which categories of risk to apply to their assessment, guided by machine-scored risks and summarised public information. These risk categories include unintentional or non-malicious risk. For example, open sources might indicate that an employee may be experiencing alcohol, drug or other serious life stressors that could potentially affect their workplace reliability and wellbeing. Our users need to be legally compliant and acting in accordance with public policy as they make these determinations. Who is Eligible Applicants must be legal entities with strong ties to the UK. The contract that will be signed is a non-negotiable pre-market procurement instrument used in other SBRI competitions. Small businesses and woman- and ethnic minority-owned businesses are particularly encouraged to apply. Additional information: Other Information: Contract Structure The overall programme will be delivered over two phases; this contract is for the first phase. Up to PS250,000 (including VAT) is allocated to phase one of the competition, with potentially a number of simultaneous technical feasibility study contracts awarded of up to PS50,000k (including VAT) per project for up to 8 weeks. Phase two will award research and development contracts to Phase one project partners to develop prototypes and undertake field-testing. We target awarding up to two phase two contracts of up to PS150,000 each (including VAT) for up to 12 months of research, development and prototyping. Phase one will focus on the assessment of the individual mechanisms (e.g. identity resolution) that make up the total capability. Suppliers may wish to use synthetic, random or anonymised data to present their results. In phase two we will provide personally identifiable information (PII) from a subset of our population to the two successful vendors in order to assess the validity and reliability of their overall capability. The contract will terminate at the end of Phase two, and the chosen business will be expected to pursue commercialisation of their solution. Suppliers will retain intellectual property developed during the contract, but foreground and necessary background IP to exploit the solution must be available to license on equitable, non-royalty terms by the government. ## Key Details | Field | Value | | --- | --- | | Publication source | Contracts Finder | | Latest notice | https://www.contractsfinder.service.gov.uk/Notice/202b2315-217a-4317-a810-6d1becf4f0da | | Notice type | Tender Notice | | Procurement type | Standard | | Procurement category | Services | | Procurement method | Open | | Procurement method details | Open procedure (below threshold) | | Tender suitability | SME, VCSE | | Awardee scale | Not specified | | All stages | Tender | ## Dates | Field | Value | | --- | --- | | Publication date | 3 Feb 2021 | | Submission deadline | 17 Feb 2021 | | Future notice date | Not specified | | Award date | Not specified | | Contract period | 8 Mar 2021 - 3 May 2021 | | Recurrence | Not specified | ## Values | Field | Value | | --- | --- | | Tender value | £250,000 | | Lots value | Not specified | | Awards value | Not specified | | Contracts value | Not specified | ## Status | Field | Value | | --- | --- | | Tender status | Active | | Lots status | Not specified | | Awards status | Not specified | | Contracts status | Not specified | ## Buyer | Field | Value | | --- | --- | | Main buyer | CABINET OFFICE | | Locality | LONDON | | Post town | South West London | | Postcode | SW1A 2AS | | Country | England | | ITL 1 | TLI London | | ITL 2 | TLI3 Inner London - West | | ITL 3 | TLI35 Westminster and City of London | | Local authority | Westminster | | Electoral ward | St James's | | Westminster constituency | Cities of London and Westminster | | Delivery location | Not specified | ## CPV Codes ### Divisions - 72 - IT services: consulting, software development, Internet and support ### Codes - 72212730 - Security software development services ## Release History - 3 Feb 2021 at 15:53 - Tender - Tender Notice - https://www.contractsfinder.service.gov.uk/Notice/202b2315-217a-4317-a810-6d1becf4f0da ## Documents - https://www.contractsfinder.service.gov.uk/Notice/202b2315-217a-4317-a810-6d1becf4f0da 3rd February 2021 - Opportunity notice on Contracts Finder - https://www.contractsfinder.service.gov.uk/Notice/Attachment/047df6a1-094e-49a7-9942-458b98a9831e - https://www.contractsfinder.service.gov.uk/Notice/Attachment/f211a199-306c-4f2d-ad4c-e295d65b2133 - https://www.contractsfinder.service.gov.uk/Notice/Attachment/ba0f487f-2387-47a5-899d-8e64f93fbba7 - https://www.contractsfinder.service.gov.uk/Notice/Attachment/b2dee3e8-4ad7-4262-8a61-8f38da4b3e16 - https://www.contractsfinder.service.gov.uk/Notice/Attachment/d7c1c832-4a8d-4af9-bea4-bc3b854d64b2 - https://www.contractsfinder.service.gov.uk/Notice/Attachment/28116fc0-71bf-4895-8cfe-01657c893658 - https://www.contractsfinder.service.gov.uk/Notice/Attachment/eb2e60ad-28ed-4b2e-bb57-3bf8ff0a8cbb - https://www.gov.uk/government/news/we-are-transforming-vetting Vetting transformation overview: - https://www.gov.uk/government/publications/vetting-explained-and-our-vetting-charter/vetting-explained What is vetting: - https://www.gov.uk/government/publications/vetting-explained-and-our-vetting-charter/the-vetting-charter Vetting Charter: ## Provenance This Markdown file is an alternate public rendering of the D3 Tenders contract record. The canonical page is https://d3tenders.com/contract/?ocid=ocds-b5fd17-534de89f-3b99-4f66-98f4-96cfcc42bca8. The underlying structured data is available as OCDS JSON at https://d3tenders.com/contract/ocds-b5fd17-534de89f-3b99-4f66-98f4-96cfcc42bca8.json.