Process for procurement of the Applications Tower

Pegasus is a Digital Policing programme to procure new key IT suppliers for the Metropolitan Police Service. The Metropolitan Police Service IT contracts are currently being delivered under a multi supplier ‘Towers Model’, comprising five incumbent suppliers providing a range of IT services, whose contracts expire over the next two years. The Pegasus programme looks to replace and consolidate those services down to two key suppliers.

This decision concerns the selection and confirmation of the appropriate procurement route for the appointment of a supplier to provide Applications services. It seeks to secure approval for the use of a Competitive Procedure with Negotiation (CPN) for the procurement of the Applications Tower as part of the Pegasus programme.

It also provides an overview of the current timelines for the Applications procurement.

The Deputy Mayor for Policing and Crime is recommended to approve the use of the Competitive Procedure with Negotiation for the procurement of a Digital Policing Application Tower Supplier.

1. Introduction and background

1.1. Pegasus is a Digital Policing programme to procure new key IT suppliers for the Metropolitan Police Service. The Metropolitan Police Service (MPS) IT contracts are currently being delivered under a multi supplier ‘Towers Model’, comprising 5 incumbent suppliers providing a range of IT services, whose contracts expire over the next 2 years. The Pegasus programme looks to replace and consolidate those services down to 2 key suppliers.

1.2. The Pegasus Programme will deliver a service model that reflects the future needs of the MPS. It will enable agility and flexibility in services, an improved user experience and greater value for money. The Pegasus Programme supports the MPS direction and strategy to seize the opportunities of data, digital and technology to be a world leader in policing.

1.3. The new Pegasus MPS model is a 2 tower model that will comprise of an infrastructure tower (procured separately) with embedded service management and integration services, and a separate applications tower. The infrastructure tower procurement consists of 5 of the current tower services and is nearing completion – the call for final tenders was issued on 5 October 2020.

1.4. The applications tower is the subject of this procurement and at a high level consists of the “mandatory services” and the “optional services” as set out below. The applications tower procurement is at an earlier stage than the infrastructure procurement – the first significant market action (issue of Selection Questionnaire) is planned for 30 October 2020. It should be noted at this stage that all services within the scope of services will be delivered by the supplier, but the volume and introduction date of the optional services may be varied at the sole discretion of the MPS – as such at the service commencement date the volume of the optional services may be zero.

Mandatory Services

• Tower Service Management: Service management functions delivered within the tower that are essential to the correct running of both ITIL services and the integration of other services within the MPS IT ecosystem.

• Application Management Services: The effective support of applications within the MPS estate, to ensure a highly available maintained estate with IT service continuity management at the heart of the service.

• Security services: Aligned to industry best practice, integrated with the specific security functions to ensure that all service are delivered in a highly secure manner with data and users protected throughout all aspects of the service.

Optional Services

• Hosting services – The ability of the Application provider to manage deeper elements of the application stack when applications are hosted on Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) infrastructure in order to give a greater level of end to end accountability.

• End user services – management and delivery of end user services currently being sourced through the Pegasus Infrastructure tower.

• DevOps Services – The introduction of Agile Application developments methodologies to augment the existing capability within MPS and to further enhance the capability in order to mature the service.

1.5. Papers regarding Pegasus have previously been presented as follows:

1.6. This paper seeks approval of the procurement of a supplier in respect of the Applications tower through use of the Competitive Procedure with Negotiation (CPN).

2. Issues for consideration

2.1. The key issues for Deputy Mayor to take account of are:

• The value for money to be achieved through use of CPN.

• The utilisation of market knowledge and expertise in the Procurement.

• The need for high quality Applications services, and how this is best driven through selection of CPN as a procurement route.

3. Financial Comments

3.1. This decision does not involve any financial commitment.

3.2. Use of the CPN procedure will enable the MPS to utilise bidders’ wider market knowledge and experience to shape and refine the services that are being procured as the process evolves. In so doing the MPS will obtain a valuable, tangible benefit from the process itself, in addition to driving value across the process by incorporating such learning into its approach.

3.3. Using CPN will allow the interrogation and negotiation of bids, including the pricing model, assumptions and risk approach. This process is a two-way learning exercise between bidder and the MPS – on interrogating a bid it is often the case that a bidder has inadvertently priced for elements which are not required, or for risks that are less significant than the bidder understood them to be. The resolution of such issues can often result in a significant reduction in price.

4. Legal Comments

4.1. The Mayor’s Office for Policing and Crime (MOPAC) is a contracting authority as defined in the Public Contracts Regulations 2015 (“the Regulations”). When awarding public contracts for goods and services valued at £189,330 or above, all contracting authorities must do so in accordance with the Regulations.

4.2. Paragraph 4.13 of the MOPAC Scheme of Delegation and Consent provides that the Deputy Mayor for Policing and Crime (DMPC) has delegated authority to approve the procurement strategy for all revenue and capital contracts of a total value of £500,000 or above, such determination to include decisions on the criteria and methodology to be adopted in the tendering process, any exemptions from procurement requirements, and any necessary contract extensions.

4.3. The route outlined above has been confirmed as being legally compliant by TLT, who continue to provide legal assurance regarding the process.

5. Commercial Issues

5.1. The options for the procurement of new or replacement services for the benefit of the Authority have been developed jointly between the commercial and legal leadership teams.

5.2. Due to the complexity of the Application services, and the need to engage as wide a market as possible, the use of a framework is not considered optimal for the Procurement.

5.3. Considering the remaining routes (CPN, Restricted):

• Regarding value for money, there are no significant budgetary differentiators between the two processes. In terms of revenue costs, both processes facilitate competition (although CPN provides additional scope for the optimisation of value for money through interrogation of financial model at the negotiation phase).

• Regarding wider benefits, either process would engage the market in a competitive process, and so would be expected to facilitate high quality innovative service proposals; and

• Both procedures are relied upon widely by the public sector generally, giving a high level of confidence in the robust nature of the process.

5.4. Having considered the process and features of both Restricted and CPN it has been concluded that CPN will best achieve the objectives of the Procurement for the following reasons:

• Use of the CPN procedure will enable the MPS to:

o interrogate and negotiate tenders, including the pricing model, assumptions and risk approach

o utilise bidders’ wider market knowledge and experience to shape and refine the services that are being procured as the process evolves; and

o obtain a valuable, tangible benefit from the process itself, in addition to driving value across the process by incorporating such learning into its approach.

6. GDPR and Data Privacy

6.1. The MPS is subject to the requirements and conditions placed on it as a 'State' body to comply with the European Convention of Human Rights and the Data Protection Act (DPA) 2018. Both legislative requirements place an obligation on the MPS to process personal data fairly and lawfully in order to safeguard the rights and freedoms of individuals.

6.2. Under Article 35 of the General Data Protection Regulation (GDPR) and Section 57 of the DPA 2018, Data Protection Impact Assessments (DPIA) become mandatory for organisations with technologies and processes that are likely to result in a high risk to the rights of the data subjects.

6.3. The Information Assurance and Information Rights units within MPS will be consulted at all stages to ensure the programme meets its compliance requirements.

6.4. The programme does not use personally identifiable data of members of the public, so there are no GDPR issues to be considered.

7. Equality Comments

7.1. There are considered to be no negative equality or diversity implications arising from this procurement process at the SQ stage. Key questions in terms of compliance with the MPS equality and diversity policy and with the Equality Act 2010 will be included at the ITN stage of the procurement in respect of each Applicant’s performance and approach to such matters.

8. Background/supporting papers

8.1. Report.