Host, manage, maintain and running of The National Security Vetting SystemHost, manage, maintain and running of The National Security Vetting System

Description

This Voluntary Ex Ante Transparency (VEAT) notice relates to the provisions of services to host, manage, maintain and run Cabinet Office's UK Security Vetting (UKSV) Agency's National Security Vetting System (NSVS). This is a direct award for the services provided by the incumbent (CGI IT UK Ltd.) in the running of the existing NSVS, which is a critical security system used by HMG and a significant component of this legacy system's Intellectual Property (IP) is owned by the incumbent. The NSVS sits in a highly secured accredited environment. The proposed Contract will commence 1 March 2024 and continue for a period of 48 months through 29 February 2028. 

The Authority intends to enter into the Contract as set out after Tuesday 9 January 2024, on conclusion of this VEAT notice and the associated voluntary standstill period, which has been voluntarily extended to account for the Christmas and New Year period.

This legacy system is circa 10 years old and required transformation. The transformation programme to develop a new vetting system is separately being considered by UKSV. 

NSVS is faced by highly sophisticated attacks conducted by nation-states with near-limitless resources. A complex set of specific requirements are needed to help keep NSVS (and more importantly the vetting data that it holds) safe and secure, which are being developed as part of the planning for a replacement system and service. The current system is held in a high trust environment in the MoD estate, accredited to a set of standards set by the UK Government's National Technical Authorities including the National Cyber Security Centre and the National Protective Security Authority (NPSA, formerly CPNI). The system is subject to monitoring and access control procedures that are conducted by the MoD, tailored to the configuration of the NSVS and platform.

The National Security Vetting System (NSVS) was built by the incumbent, who was consequently awarded the contract to host, manage, maintain and run NSVS. Built around its predecessor, NSVS was launched into service in 2015. The current contract includes the NSVS service provision and management approach, underpinned by their delivery model below. 

The NSVS service comprises the following features:
Service governance;
In service management;
Service desk;
Information Technology Infrastructure Library (ITIL shared services);
Data centres;
Hosting services and event management;
Security Operations Centre monitoring;
Application management;
Management of change.

In addition, the new contract intended to provide enhanced performance management and reporting, clear exit obligations and a value for money commercial model. These new provisions will mean that the UKSV transformation programme can open up options for a long-term future solutions.