II.2.2) Additional CPV code(s)
64212000
48223000
64210000
64216120
72212223
48517000
48511000
II.2.3) Place of performance
NUTS code:
UK
Main site or place of performance:
UNITED KINGDOM.
II.2.4) Description of the procurement
The Authority is looking to identify a supplier to take on and transform the existing services including; MFA SMS (OTP) and voice calling, outbound email and SMS capabilities (including multi device messaging), currently supported by multiple suppliers. This new combined email and text service will be a part of a range of communication services that will support the Authority’s strategy of communicating with the right customer at the right time through the right channel. Currently approximately 94 million SMS, 8 million voice calls and 220 million emails are issued per annum on behalf of HMRC.
The current scope for the SMS and voice calling as part of the multi-factor authentication service is:
• to send a unique six (6) digit access code to a customer. The Authority will be responsible for the creation and duration of the validity of any access code e.g. 15 minutes;
• the code must be sent to a landline or mobile via SMS (‘transactional route’) or voice;
• the user could be in the UK or abroad (anywhere in the world);
• the SMS is sent using a single unique short code/unique sender ID associated with The Authority – this must be provided by the supplier.
The current scope for Email and SMS campaigns is to provide:
• help and support to our customers;
• nudges and prompts;
• provide reassurance and prevent progress chasing; and
• seek customer feedback to help improve our services.
The successful supplier must deliver the new service in two phases:
Phase 1: Transition of the existing range of services to one service solution.
Phase 2: We are looking to exploit the top quartile capabilities provided in the solution to develop new and innovative ways of communicating with our customers, whether that be on a 121 or 1 to many basis, in a way that work seamlessly and through standard interfaces where necessary with the Authority’s other communication and communication management services.
HMRC requires potential providers to comply with the relevant essential requirements below or equivalent:
(a.) ISO-27001 Certification as accredited by UKAS or a comparable body;
(b) Cyber Essentials Certification;
(c) Cyber Essentials Plus Certification;
(d) Check approved pen testers on an annual basis or such time as both parties agree, for both internal and external system IP’s. Tested to OWASP latest guidelines;
(e) Cyber Risk Insurance;
(f) Security patch management system;
(h) data centres in the UK, with no data leaving the UK.
HMRC reserves the right to make services procured available to other publicly funded bodies including RCDTS, its wholly owned subsidiary company working on behalf of HMRC.
This contract is for a period of 24 months with approx. value of GBP 6.5 million with the provision to extend for a further 12-month term, total value of 24-month term with 12-month extension approx. GBP 9.75 million.
II.2.5) Award criteria
Quality criterion: Social, environmental and innovative characteristics
/ Weighting: 5
Quality criterion: Technical merit — service requirements
/ Weighting: 40
Quality criterion: Management activity
/ Weighting: 15
Cost criterion: Charges and invoicing
/ Weighting: 40
II.2.11) Information about options
Options:
No
II.2.13) Information about European Union funds
The procurement is related to a project and/or programme financed by European Union funds:
No