Challenge 9.5
How can we use technology to create the most efficient and secure supply chain for public sector procurements?
Challenge summary
How can we use technology to create the most efficient and secure supply chain for public sector procurements, especially in regard to making the requirements, standards and rules of public sector procurement as efficient to establish as possible, both for the private sector businesses applying for contracts, and the organisation assessing those applications; focusing on two initial use cases — cyber security, design and accessibility.
Supply chains, integral to all organisations, pose a significant risk due to their size, complexity, and the potential of severely disrupted services if compromised.
Currently, securing supply chains is resource-intensive and often requires manual efforts from specialist staff which can cause issues — particularly for SMEs.
If we can build a single, effective and efficient system, we could dispense with the current practice of creating single-use questionnaires for each and every procurement exercise. This would have significant benefits including resource and time savings, for both procuring and tendering organisations.
Currently, we do not have this: existing tools provide some data analysis, but further solutions could enhance this process.
While cyber security and accessibility have been noted as the initial use cases, the intention is that a successful solution would incorporate all procurement requirements – for example accessibility, usability and design standards.
A short Q&A was held with the Challenge Sponsors at our launch event on 27 June — a recording of this session can be viewed here:
Key information for applicants
Please note — applications for CivTech Round 9 are now closed. Join our mailing list and follow us on social media to be the first to hear about future Challenges.
Launch date
27 June 2023
Closing date
Midday, 22 August 2023
Exploration Stage interviews
Wednesday 27 September 2023
Exploration Stage
23 October to 10 November 2023
Accelerator interviews
Friday 17 November 2023
Accelerator Stage
11 December 2023 to 26 April 2024
Maximum contract value
£650,000
Q&A session
A live Q&A session was held with the Challenge Sponsor team on Tuesday 18 July 2023 at 11:00. A recording of the session can be viewed here:
Supporting Information discussed during the Q&A session CivTech 9 - Challenge 9.5 - Additional Information - Cyber Security, Design Standard and Design System
Why does this Challenge need to be solved?
Supply chains are often large and complex making them difficult to secure effectively. All organisations, including ours, have a reliance on goods, systems and services from a wide range of suppliers.
Supply chains pose a significant risk to organisations as disruption can cause the failure of business critical systems leading to the potential break-down of services and the creation of other, follow-on risks.
At the present time securing the supply chain is a very resource intensive process which requires a lot of manual effort by specialist staff. This is the case for both organisations undertaking a procurement and those companies bidding on them. SMEs are particularly affected by this.
A reusable questionnaire tool that could contain question sets from multiple specialist areas such as, cyber security, accessibility, usability and design will have the following benefits:
For suppliers:
Tell us once
Ability to share, update and mitigate gaps
For clients:
Confidence that the correct specialist questions are asked
For SMEs
Consistent and accurate question set across all procurements
Focus and effort only on where there is either poor outcomes
For Digital
Reuse of a single component
Confidence that suppliers meet the standards we require
Visibility of the supplier portfolio to understand gaps and potentially help to remediate
How will we know the Challenge has been solved?
When a single procurement questionnaire, completed by a tendering organisation or business, can be used multiple times by many different public sector organisations; with that questionnaire only needing to be completed once by the tenderer [unless of course, circumstances change, in which case the resubmission is also fast and efficient]; and when time currently used by specialist staff on this process is freed up so they can focus on more productive and fulfilling work.
There will be a significant reduction in requests from various organisations to assist with Invitation to Tender (ITT) content.
Visibility of completed questionnaires provides transparency to digital specialist teams: for example, to see where suppliers, succeed and struggle to identify mitigating actions.
Organisations who are subject to Technology Assurance Framework will have better outcomes. A key theme for improvement from Technology Assurance Framework (TAF) activity is, ITT quality and access to specialisms needed to help input. This solution will help increase quality and consistency of supplier evaluation.
We get benefit from the increased use of data to explore and validate supply chains. For instance, tenderers can provide data that supports a greater understanding of the complexity of supply chains. For example, multiparty supply chains.
Technology Assurance Framework - Digital - gov.scot (www.gov.scot)
Who are the end users likely to be?
Scottish Government
Scottish Public Sector
Private Companies (those bidding on procurements)
Third Sector Organisations
Has the Challenge Sponsor attempted to solve this problem before?
The existing solution is called the Cyber Security Procurement Support Tool: Cyber Security Procurement Support Tool: supporting guidance for public bodies - gov.scot (www.gov.scot)
This solution is not able to be used by all end users. We wish to move away from spreadsheet based assessments to enable better use of more modern technologies. In turn this will give us access to a rich dataset which can then be analysed to provide valuable insights across the process.
Are there any interdependencies or blockers?
The existing solution is not a blocker as this could be replaced by a solution to this Challenge.
Will a solution need to integrate with any existing systems / equipment?
We prefer that a solution integrates with the Cyber Security Procurement Support Tool (CSPST) and Public Contracts Scotland systems:
Cyber Security Procurement Support Tool: supporting guidance for public bodies - https://www.gov.scot/publications/cyber-resilience-supply-chain-guidance/
Public Contracts Scotland https://www.publiccontractsscotland.gov.uk/
Any technologies or features the Challenge Sponsor wishes to explore or avoid?
We would like to move away from the existing spreadsheet or word processing application based solutions. For instance, a cloud based service would provide greater benefits from the use of a data, and rich accessible digital interfaces for users accessible web front end. We are open to other ideas about who to achieve the benefits described in thie Challenge.
What is the commercial opportunity beyond a CivTech contract?
Beyond a CivTech contract this service could be commercialised to any organisation – public, private, or third sector - that carries out procurements that need a degree of assurance around them.
The same solution could be used as an assurance mechanism for many different areas and not just cyber security.
There is the option to charge people to use this system either on an annual subscription model or a per procurement option. As this is aimed at public and third sectors this would need to be a reasonably low cost to realise its full benefit.
Who are the stakeholders?
Scottish Government:
Cyber Security Unit, Scottish Government
Cyber Resilience Unit, Scottish Government
Social Security Scotland
Digital Directorate, Scottish Government
ITECS, Scottish Government
Forestry and Land Scotland
Agriculture and Rural Economy, Scottish Government
Other:
Police Scotland
Local Authorities
Higher Education/Further Education Shared Technology & Information Services (HEFESTIS)
Who’s in the Challenge Sponsor team?
Scottish Government, Directorate for Digital, Cyber Security Unit
Scottish Government, Directorate for Digital, Digital Transformation
Scottish Government, Directorate for Digital, Digital Commercial Service
What is the policy background to the Challenge?
Cyber security – all procurements by the Scottish Government that involve digital systems and our data require the information asset owner to ensure there is the appropriate level of assurance around that system/data to protect it in terms of confidentiality, integrity and availability.
Accessibility, usability and design – all procurements that involve digital systems must demonstrate their approach to making tools accessible, meet legal obligations The Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018 (legislation.gov.uk), ensure their solution is tested with users and will use our Design System, https://designsystem.gov.scot/