Skip to main content

We've saved some files called cookies on your device. These cookies are:

  • essential for the site to work
  • to help improve our website by collecting and reporting information on how you use it

We would also like to save some cookies to help tailor communications.

BETA
You're viewing an updated version of this service - your feedback will help us to improve it.
Give Feedback
Cymraeg
Sign in

Contract Award Notice

Multi-factor Authentication

  • First published: 10 July 2020
  • Last modified: 10 July 2020

The buyer is not using this website to administer the notice.

To record your interest or obtain additional information or documents please find instructions within the Full Notice Text. (NOTE: Contract Award Notices and Prior Information Notices do not normally require a response)

Contents

Summary

OCID:
Published by:
HM Revenue and Customs
Authority ID:
AA74628
Publication date:
10 July 2020
Deadline date:
-
Notice type:
Contract Award Notice
Has documents:
No
Has SPD:
No
Has Carbon Reduction Plan:
N/A

Abstract

The authority intends to award a single supplier contract for the provision of a SMS and voice calls service as part of a multi-factor authentication process. Currently approximately 80 million SMS a year and 2 million voice calls are issued per annum on behalf of HMRC. The service consists of two elements – multi-factor authentication and customer service campaigns.

1) The current scope for the SMS and voice calling as part of the multi-factor authentication service is limited to the following:

(a) to send a 6 digit access code (that expires after 15 minutes) to a customer;

(b) the code can be sent to a landline or mobile via SMS or voice;

(c) the user could be in the UK or abroad (anywhere in the world);

(d) the code is sent using a short code associated with HMRC;

(e) to provide a helpdesk function to investigate issues customers have with receiving the access code;

(f) to provide development/changes at nil cost.

2) The SMS service as part of customer service campaigns include all above multi-factor authentication requirements with the below additional requirements:

(a) ability to have 2-way SMS if needed, where customers can reply to SMS, and ability to view replies and MI;

(b) search Facility, to show all SMS a customer has received;

(c) ability to see if SMS has been opened/read;

(d) a dead number check.

The supplier must check if a number is live or dead before SMS is sent. This must be at a significantly lower cost than the sending of an SMS. If the check fails, this must not prevent the SMS from being sent. Dead numbers will then need to be screened against for future campaigns and removed as necessary.

HMRC requires potential providers to comply with the relevant essential requirements below or equivalent:

(a) ISO-27001 Certification as accredited by UKAS or a comparable body

(b) Cyber Essentials Certification

(c) Cyber Essentials Plus Certification

(d) Pen Testing by CREST approved third party auditor every 3 months for both internal and external system IP’s. Tested to OWASP latest guidelines

(e) Dedicated server architecture either third party or owned, must be UKAS accredited to ISO-27001, ISO14001, ISO-9001, ISO18001

(f) Cyber Risk Insurance

(g) Security Patch Management System.

Full notice text

Contract award notice

Results of the procurement procedure

Section I: Contracting entity

I.1) Name and addresses

HM Revenue and Customs

5W Ralli Quays

Salford

M60 9LA

UK

Contact person: Aman Kang

Telephone: +44 7870860470

E-mail: amandip.kang@hmrc.gov.uk

NUTS: UK

Internet address(es)

Main address: https://www.gov.uk/government/organisations/hm-revenue-customs

I.2) Joint procurement

The contract is awarded by a central purchasing body

I.4) Type of the contracting authority

Ministry or any other national or federal authority, including their regional or local subdivisions

I.5) Main activity

Other: Direct and Indirect Taxation

Section II: Object

II.1) Scope of the procurement

II.1.1) Title

Multi-factor Authentication

Reference number: SR268256436

II.1.2) Main CPV code

64212100

 

II.1.3) Type of contract

Services

II.1.4) Short description

This is to alert interested parties that HM Revenue and Customs (HMRC) is going out to tender to meet its needs for the provision of SMS and voice calling as part of a multi-factor authentication process and customer service campaigns. HMRC send out access codes to their customers via SMS or Voice to either landlines or mobiles, anywhere in the world.

II.1.6) Information about lots

This contract is divided into lots: No

II.2) Description

II.2.2) Additional CPV code(s)

64210000

64212000

II.2.3) Place of performance

NUTS code:

UK


Main site or place of performance:

UNITED KINGDOM.

II.2.4) Description of the procurement

The authority intends to award a single supplier contract for the provision of a SMS and voice calls service as part of a multi-factor authentication process. Currently approximately 80 million SMS a year and 2 million voice calls are issued per annum on behalf of HMRC. The service consists of two elements – multi-factor authentication and customer service campaigns.

1) The current scope for the SMS and voice calling as part of the multi-factor authentication service is limited to the following:

(a) to send a 6 digit access code (that expires after 15 minutes) to a customer;

(b) the code can be sent to a landline or mobile via SMS or voice;

(c) the user could be in the UK or abroad (anywhere in the world);

(d) the code is sent using a short code associated with HMRC;

(e) to provide a helpdesk function to investigate issues customers have with receiving the access code;

(f) to provide development/changes at nil cost.

2) The SMS service as part of customer service campaigns include all above multi-factor authentication requirements with the below additional requirements:

(a) ability to have 2-way SMS if needed, where customers can reply to SMS, and ability to view replies and MI;

(b) search Facility, to show all SMS a customer has received;

(c) ability to see if SMS has been opened/read;

(d) a dead number check.

The supplier must check if a number is live or dead before SMS is sent. This must be at a significantly lower cost than the sending of an SMS. If the check fails, this must not prevent the SMS from being sent. Dead numbers will then need to be screened against for future campaigns and removed as necessary.

HMRC requires potential providers to comply with the relevant essential requirements below or equivalent:

(a) ISO-27001 Certification as accredited by UKAS or a comparable body

(b) Cyber Essentials Certification

(c) Cyber Essentials Plus Certification

(d) Pen Testing by CREST approved third party auditor every 3 months for both internal and external system IP’s. Tested to OWASP latest guidelines

(e) Dedicated server architecture either third party or owned, must be UKAS accredited to ISO-27001, ISO14001, ISO-9001, ISO18001

(f) Cyber Risk Insurance

(g) Security Patch Management System.

II.2.5) Award criteria

Quality criterion: Social, environmental and innovative characteristics / Weighting: 5

Quality criterion: Technical merit — service requirements / Weighting: 35

Quality criterion: Technical merit — management activity / Weighting: 10

Cost criterion: Charges and invoicing / Weighting: 50

II.2.11) Information about options

Options: No

II.2.13) Information about European Union funds

The procurement is related to a project and/or programme financed by European Union funds: No

II.2.14) Additional information

Interested parties, will need to register at the below website, to access HMRC questionnaires and submit tender responses: http://hmrc.supplier-eu.ariba.com/ad/register/SSOActions?type=full

Please email e.procurement@hmrc.gov.uk, amandip.kang@hmrc.gov.uk and bhavina.patel1@hmrc.gov.uk with the information (AN Number) detailed at Section VI.3) in order to access the tender event.

Section IV: Procedure

IV.1) Description

IV.1.1) Type of procedure

Open procedure

IV.1.8) Information about Government Procurement Agreement (GPA)

The procurement is covered by the Government Procurement Agreement: Yes

IV.2) Administrative information

IV.2.1) Previous publication concerning this procedure

Notice number in the OJ S:

2019/S 247-609570

Section V: Award of contract

A contract/lot is awarded: No

V.1 Information on non-award

The contract/lot is not awarded

Other reasons (discontinuation of procedure)

Section VI: Complementary information

VI.3) Additional information

To view this notice, please click here:

https://www.delta-esourcing.com/delta/viewNotice.html?noticeId=506504008

GO Reference: GO-202077-PRO-16798502

VI.4) Procedures for review

VI.4.1) Review body

HM Revenue and Customs

5W Ralli Quays

Salford

M60 9LA

UK

E-mail: amandip.kang@hmrc.gov.uk

VI.5) Date of dispatch of this notice

07/07/2020

Coding

Commodity categories

ID Title Parent category
64212000 Mobile-telephone services Telephone and data transmission services
64212100 Short Message Service (SMS) services Mobile-telephone services
64210000 Telephone and data transmission services Telecommunications services

Delivery locations

ID Description
100 UK - All

Alert region restrictions

The buyer has restricted the alert for this notice to suppliers based in the following regions.

ID Description
There are no alert restrictions for this notice.

About the buyer

Main contact:
amandip.kang@hmrc.gov.uk
Admin contact:
N/a
Technical contact:
N/a
Other contact:
N/a

Further information

Date Details
No further information has been uploaded.
Follow Sell2Wales
Email icon
Sell2Wales Helpline
0800 222 9004

Lines are open 8:30am to 5pm Monday to Friday.

Rydym yn croesawu galwadau'n Gymraeg.

We welcome calls in Welsh.

Give feedback about this page
All content is available under the Open Government License, except where otherwise stated.