Contract Notice

Multi-Factor Authentication

  • First published: 23 December 2019
  • Last modified: 23 December 2019

The buyer is not using this website to administer the notice.

To record your interest or obtain additional information or documents please find instructions within the Full Notice Text. (NOTE: Contract Award Notices and Prior Information Notices do not normally require a response)

Summary

OCID:
Published by:
HM Revenue and Customs
Authority ID:
AA74628
Publication date:
23 December 2019
Deadline date:
20 January 2020
Notice type:
Contract Notice
Has documents:
No
Has SPD:
No
Has Carbon Reduction Plan:
N/A

Abstract

The authority intends to award a single supplier contract for the provision of an SMS and voice calls service as part of a multi-factor authentication process. Currently approximately 80 000 000 SMS a year and 2 000 000 voice calls are issued per annum on behalf of HMRC. The service consists of 2 elements – multi-factor authentication and customer service campaigns.

1) The current scope for the SMS and voice calling as part of the multi-factor authentication service is limited to the following:

(a) to send a 6 digit access code (that expires after 15 minutes) to a customer;

(b) the code can be sent to a landline or mobile via SMS or voice;

(c) the user could be in the UK or abroad (anywhere in the world);

(d) the code is sent using a short code associated with HMRC;

(e) to provide a helpdesk function to investigate issues customers have with receiving the access code;

(f) to provide development/changes at nil cost.

2) The SMS service as part of customer service campaigns includes all of the above multi-factor authentication requirements, with the additional requirements below:

(a) ability to have 2-way SMS if needed, where customers can reply to SMS, and ability to view replies and MI;

(b) search facility, to show all SMS a customer has received;

(c) ability to see if SMS has been opened/read;

(d) a dead number check. The supplier must check if a number is live or dead before SMS is sent. This must be at a significantly lower cost than the sending of an SMS. If the check fails, this must not prevent the SMS from being sent. Dead numbers will then need to be screened against for future campaigns and removed as necessary.

HMRC requires potential providers to comply with the relevant essential requirements below or equivalent:

(a) ISO-27001 Certification as accredited by UKAS or a comparable body;

(b) Cyber Essentials Certification;

(c) Cyber Essentials Plus Certification;

(d) Pen Testing by CREST-approved third-party auditor every 3 months for both internal and external system IPs. Tested to OWASP latest guidelines;

(e) Dedicated server architecture either third party or owned, must be UKAS accredited to ISO-27001, ISO14001, ISO-9001, ISO18001;

(f) Cyber risk insurance;

(g) Security patch management system

Full notice text

Contract notice

Section I: Contracting authority

I.1) Name and addresses

HM Revenue and Customs

5W Ralli Quays

Salford

M60 9LA

UK

Contact person: Aman Kang

Telephone: +44 7870860470

E-mail: amandip.kang@hmrc.gov.uk

NUTS: UK

Internet address(es)

Main address: https://www.gov.uk/government/organisations/hm-revenue-customs

I.2) Joint procurement

The contract is awarded by a central purchasing body

I.3) Communication

The procurement documents are available for unrestricted and full direct access, free of charge at:

https://www.contractsfinder.service.gov.uk/Search


Additional information can be obtained from another address:

Ken Webster

5W Ralli Quays

Salford

WN6 9LA

UK

E-mail: ken.webster1@hmrc.gov.uk

NUTS: UK

Internet address(es)

Main address: www.gov.uk/hm-revenue-and-customs

Tenders or requests to participate must be sent electronically to:

https://service.ariba.com/Sourcing.aw/ad/s4FullSelfRegister


Tenders or requests to participate must be sent to the abovementioned address


I.4) Type of the contracting authority

Ministry or any other national or federal authority, including their regional or local subdivisions

I.5) Main activity

Other: Direct and Indirect Taxation

Section II: Object

II.1) Scope of the procurement

II.1.1) Title

Multi-Factor Authentication

Reference number: SR268256436

II.1.2) Main CPV code

64212100

II.1.3) Type of contract

Services

II.1.4) Short description

This is to alert interested parties that HM Revenue and Customs (HMRC) is going out to tender to meet its needs for the provision of SMS and voice calling as part of a multi-factor authentication process and customer service campaigns. HMRC send out access codes to their customers via SMS or voice to either landlines or mobiles, anywhere in the world.

II.1.5) Estimated total value

Value excluding VAT: 9 500 000.00 GBP

II.1.6) Information about lots

This contract is divided into lots: No

II.2) Description

II.2.2) Additional CPV code(s)

64210000

64212000

II.2.3) Place of performance

NUTS code:

UK


Main site or place of performance:

UNITED KINGDOM.

II.2.4) Description of the procurement

The authority intends to award a single supplier contract for the provision of an SMS and voice calls service as part of a multi-factor authentication process. Currently approximately 80 000 000 SMS a year and 2 000 000 voice calls are issued per annum on behalf of HMRC. The service consists of 2 elements – multi-factor authentication and customer service campaigns.

1) The current scope for the SMS and voice calling as part of the multi-factor authentication service is limited to the following:

(a) to send a 6 digit access code (that expires after 15 minutes) to a customer;

(b) the code can be sent to a landline or mobile via SMS or voice;

(c) the user could be in the UK or abroad (anywhere in the world);

(d) the code is sent using a short code associated with HMRC;

(e) to provide a helpdesk function to investigate issues customers have with receiving the access code;

(f) to provide development/changes at nil cost.

2) The SMS service as part of customer service campaigns includes all of the above multi-factor authentication requirements, with the additional requirements below:

(a) ability to have 2-way SMS if needed, where customers can reply to SMS, and ability to view replies and MI;

(b) search facility, to show all SMS a customer has received;

(c) ability to see if SMS has been opened/read;

(d) a dead number check. The supplier must check if a number is live or dead before SMS is sent. This must be at a significantly lower cost than the sending of an SMS. If the check fails, this must not prevent the SMS from being sent. Dead numbers will then need to be screened against for future campaigns and removed as necessary.

HMRC requires potential providers to comply with the relevant essential requirements below or equivalent:

(a) ISO-27001 Certification as accredited by UKAS or a comparable body;

(b) Cyber Essentials Certification;

(c) Cyber Essentials Plus Certification;

(d) Pen Testing by CREST-approved third-party auditor every 3 months for both internal and external system IPs. Tested to OWASP latest guidelines;

(e) Dedicated server architecture either third party or owned, must be UKAS accredited to ISO-27001, ISO14001, ISO-9001, ISO18001;

(f) Cyber risk insurance;

(g) Security patch management system

II.2.5) Award criteria

Criteria below:

Quality criterion: Social, environmental and innovative characteristics / Weighting: 5

Quality criterion: Technical merit — service requirements / Weighting: 35

Quality criterion: Technical merit — management activity / Weighting: 10

Cost criterion: Charges and invoicing / Weighting: 50

II.2.6) Estimated value

Value excluding VAT: 9 500 000.00 GBP

II.2.7) Duration of the contract, framework agreement or dynamic purchasing system

Duration in months: 24

This contract is subject to renewal: Yes

Description of renewals:

The contract will be for a period of 2 + 1 years (24 + 12 months). There will be the option to extend by 12 months after the initial 24-month term. The estimated value outlined above is inclusive of the 12-month extension.

II.2.9) Information about the limits on the number of candidates to be invited

II.2.10) Information about variants

Variants will be accepted: No

II.2.11) Information about options

Options: No

II.2.13) Information about European Union funds

The procurement is related to a project and/or programme financed by European Union funds: No

II.2.14) Additional information

Interested parties will need to register at the website below to access HMRC questionnaires and submit tender responses: http://hmrc.supplier-eu.ariba.com/ad/register/SSOActions?type=full

Please email e.procurement@hmrc.gov.uk, amandip.kang@hmrc.gov.uk and bhavina.patel1@hmrc.gov.uk with the information (AN Number) detailed at Section VI.3) in order to access the tender event.

Section III: Legal, economic, financial and technical information

III.1) Conditions for participation

III.1.2) Economic and financial standing

List and brief description of selection criteria:

Full details regarding legal, economic, financial and technical information to be provided at the tender stage will be detailed in the tender documentation. Potential tenderers should be aware, however, that they may be required to forward the following information:

(a) a copy of the most recent audited accounts covering the Tenderer’s last 2 years of trading (or for the period that is available if trading for less than 3 years); or

(b) for the most recent full year of trading, where this information is not available in audited form, a copy of the draft or unaudited financial accounts or equivalent information showing the tenderer’s turnover, profit and loss and cash flow position and an end period balance sheet or, where this cannot be provided, a statement signed by the finance director or similar responsible person detailing any major changes in the current financial position since the date of the latest audited accounts provided.


Minimum level(s) of standards required:

Suppliers must not propose solutions with annual costs which are higher than 50 % of their annual turnover.

III.1.3) Technical and professional ability

Minimum level(s) of standards required:

HMRC requires potential providers to comply with the relevant or equivalent essential requirements below:

(a) ISO-27001 Certification as accredited by UKAS or a comparable body;

(b) Cyber Essentials Certification;

(c) Cyber Essentials Plus Certification;

(d) Pen Testing by CREST-approved third-party auditor every 3 months for both internal and external system IPs. Tested to OWASP latest guidelines;

(e) Dedicated server architecture either third party or owned, must be UKAS accredited to ISO-27001, ISO14001, ISO-9001, ISO18001;

(f) Cyber risk insurance;

(g) Security patch management system.

III.2) Conditions related to the contract

Section IV: Procedure

IV.1) Description

IV.1.1) Type of procedure

Open procedure

IV.1.8) Information about Government Procurement Agreement (GPA)

The procurement is covered by the Government Procurement Agreement: Yes

IV.2) Administrative information

IV.2.1) Previous publication concerning this procedure

Notice number in the OJ S:

2019/S 161-396435

IV.2.2) Time limit for receipt of tenders or requests to participate

Date: 20/01/2020

Local time: 12:00

IV.2.4) Languages in which tenders or requests to participate may be submitted

EN

IV.2.6) Minimum time frame during which the tenderer must maintain the tender

Duration in months: 6 (from the date stated for receipt of tender)

IV.2.7) Conditions for opening of tenders

Date: 20/01/2020

Local time: 12:00

Place:

Salford.

Information about authorised persons and opening procedure:

The authority will be using an e-Sourcing (eTendering) tool/application for this procurement. This prevents any information provided by the applicant or tenderer from being viewed by the authority until the eSourcing event is closed. The e-sourcing (eTendering) application will display the closing date/time within the event and automatically close the event when the time is reached. Once the event is closed only personnel who have access to the event within the system will be able to open and view the tender responses. Therefore, the opening time for tenders will coincide with the close date and time for the event and all tenders will become visible to personnel who have access to the event within the system.

Section VI: Complementary information

VI.1) Information about recurrence

This is a recurrent procurement: Yes

Estimated timing for further notices to be published:

24 months

VI.2) Information about electronic workflows

Electronic ordering will be used

Electronic invoicing will be accepted

Electronic payment will be used

VI.3) Additional information

The contracting authority considers that this contract may be suitable for economic operators that are small or medium enterprises (SMEs). However, any selection of tenderers will be based solely on the criteria set out for the procurement. Economic operators who wish to view the tender documentation electronically can do so by searching on the contracts finder website: https://www.contractsfinder.service.gov.uk/Search login 48 hours after the dispatch of this notice. HMRC uses an HMRC instance of SAP Ariba Sourcing Pro (hereafter referred to as HMRC’s SAP Ariba) and this must be used to express an interest and/or bid for the opportunity. (Further information about HMRC’s SAP Ariba is available on the HMRC website: www.hmrc.gov.uk/about/supplying.htm) Economic operators who have used HMRC’s SAP Ariba previously will be registered as part of the HMRC Ariba Supplier Network and should access the system to obtain their account ID number. Contact details on the system should be checked and, where necessary, additional users added to help avoid multiple registrations for the same organisation. Previously registered users having difficulty recovering their account ID number or identifying users within their organisation should email sapariba.hmrcsupport@hmrc.gov.uk for assistance.

Economic operators using HMRC’s SAP Ariba for the first time, including suppliers who are already registered on the wider SAP Ariba supplier network, will need to register at http://hmrc.supplier-eu.ariba.com/ad/register/SSOActions?type=full. (You must ensure that you are directed to the registration page for HMRC’s SAP Ariba, identified with the HMRC logo at the top of the page, and to do this you may need to cut and paste the web address directly into your web browser).

You will receive a system generated email asking you to activate your SAP Ariba supplier account by verifying your email address. Once you have completed the activation process you will receive a further email confirming the ‘registration process is now complete’ and providing you with ‘your organisation’s account ID’ number. If an email response from HMRC is not received within one working day of your request, please re-contact sapariba.hmrcsupport@hmrc.gov.uk (after first checking your spam in-box) notifying non-receipt and confirming when your registration request was first made.

Once you have obtained ‘your account ID’ number, please email amandip.kang@hmrc.gov.uk and Bhavina.patel1@hmrc.gov.uk with the following information as confirmation that you wish to express an interest and/or bid for the opportunity.

The contract reference shown in Section IV.3.1) of this contract notice.

Your HMRC SAP Ariba account ID: AN

Your organisation’s name:

Your name:

Your email address:

Your telephone number:

Economic operators who have complied with the foregoing will receive an e-mail confirming access to the online questionnaires. If access is not provided within one working day, please contact amandip.kang@hmrc.gov.uk and bhavina.patel1@hmrc.gov.uk (after first checking your spam in-box) notifying non-receipt and confirming when your request for access to the online questionnaires was first made.

Questionnaires must be fully completed (and any associated hard-copy documents received by HMRC) no later than 12:00 on 20.1.2020. The deadline for clarification questions is 13.1.2020, with responses provided by 15.1.2020, which will allow the required 6 days for the information to be considered. Tenders not submitted in the required form (or containing the requested information) may be rejected. HMRC does not bind itself to accept any tender and reserves the right to accept any part of the tender unless the tenderer expressly stipulates to the contrary.

To view this notice, please click here:

https://www.delta-esourcing.com/delta/viewNotice.html?noticeId=459021032

GO Reference: GO-20191218-PRO-15703192

VI.4) Procedures for review

VI.4.1) Review body

HM Revenue and Customs

5W Ralli Quays

Salford

M60 9LA

UK

E-mail: amandip.kang@hmrc.gov.uk

VI.5) Date of dispatch of this notice

18/12/2019

Coding

Commodity categories

ID | Title | Parent category
64212000 | Mobile-telephone services | Telephone and data transmission services
64212100 | Short Message Service (SMS) services | Mobile-telephone services
64210000 | Telephone and data transmission services | Telecommunications services

Delivery locations

ID Description
100 UK - All

Alert region restrictions

The buyer has restricted the alert for this notice to suppliers based in the following regions.

ID Description
There are no alert restrictions for this notice.

About the buyer

Main contact:
amandip.kang@hmrc.gov.uk
Admin contact:
N/a
Technical contact:
N/a
Other contact:
N/a

Further information

Date Details
No further information has been uploaded.
