Clarifications

147. With reference to Attachment 7 DMP Schedule 4 Annexes 1 and 2 Template Contract Order Form and Template Contract Terms V1, has the total aggregate liability **after the first Contract Year** been omitted?

145. Hello. Are you looking for End-point Assessment organisations as part of this marketplace? We are an EPAO but cannot get past the question that requires a UKPRN. Please can you clarify how we get past that? We do not want to provide apprenticeship training. Thanks.

141. Good afternoon, A colleague completed the Apprenticeship Prospectus information before she left the business. Some of the information she has input is inaccurate, would it be possible to amend this or would you suggest we start again? Thank you

140. Hello. Question 11 of the Apprenticeship Training Dynamic Marketplace asks for a UKPRN. As an EPAO we don't have a UKPRN, does that mean we cannot be part of this marketplace? Thank you.

139. In attachment 4 additional sub contractor(s) excel spreadsheet of the Crown Commercial Service tender. The additional sub contractor(s) tab, in column N & O the drop down boxes are blank. There are no options to select and you are restricted from typing in the box. How would you complete this section of the spreadsheet?

137. If we want to remove a Framework/Standard but have not yet reached the 'Agreeing' stage, can we provide 'dummy' data to pass through the portal for Frameworks/Standards we no longer wish to deliver until we reach the 'Agreeing' stage and the 'Update DPSQ' option? Also, once we have uploaded responses for the Frameworks/Standards we wish to deliver and reached the 'Appointed' stage, will we then need to repeat the entire process (from Q.13 onwards) to add new Frameworks/Standards in the future?

136. We can not move past the general prospectus without putting a link to quality assurance report (which you have already confirmed that not everyone will have). Putting N/A will not work. Are we ok to put a link to our homepage to enable us to move on?

134. To follow up on the question answered Jul-18-2019 08:38 Where do providers include Apprenticeship Standards on the CCS portal? Not just Apprenticeship Frameworks? Attachment 1a of the bid pack details the Standards we want to include in the portal. However I cannot see where these Standards can be selected in the portal. For example HR Support Level 3 Reference: ST0239; HR Consultant Level 5 Reference: ST0238; Associate Project Manager Level 4 Reference ST0310; Learning and Development Practitioner Level 3 Reference: ST0562 Thanks

133. Good Afternoon, Please could Crown Commercial Services (CCS) clarify the following questions relating to the DMP Framework Agreement and Template Contract Terms (Call-off contract) documents: 1. We note that the CCS shall have a right to terminate the DMP Agreement without cause at any time following 6 months and that a contracting authority/ Customer shall have a right to terminate a Contract without cause at any time. Please can CCS confirm whether there is any scope for potential suppliers to agree for the inclusion of an initial minimum term, prior to its entering into any Contract? 2. Please could CCS clarify to what extent a potential supplier shall have a right to remedy any default, including in performance of the Services, under the DMP Agreement and/or a Contract, prior to CCS and/or any Customer having a right to suspend or terminate the DMP Agreement and/or a Contract? 3. Please could CCS clarify what a Customer's total aggregate liability might be to a potential supplier in respect of losses resulting from customer causes occurring after the end of the first contract year? We note, pursuant to clause 25.4(a), that a sum equal to contract charges shall be a Customer's total aggregate liability in respect of all losses arising as a result of customer causes occurring during the first contract year. 4. Please could CCS confirm if our below understanding of the Exit Management provisions is correct and what specific assets, if any, CCS envisages that potential suppliers of End Point Assessment Services as EPAOs might, in practice, potentially be required to sell, permit the use of and/or assign on termination or expiry of a contract. The exit management provisions set out under schedule 10, and in particular paragraph 9, of the Call off Contract Terms, suggest that in the case of each contract, a contracting authority would: • have a right to require that the potential supplier sell any of its assets, capable of legal transfer, which the potential supplier, or any key-subcontractor has used exclusively in the provision of its services to the contracting authority and to do so at net book value; • have a right to require that the potential supplier, permit the continued use of any of its, or a key-subcontractor's assets which were not used exclusively to provide the services, but instead used for provision of its services to the contracting authority as well as other purposes; and • have a right to require that the potential supplier, assign or novate any of its sub-contracts, licences for third party intellectual property rights and/or that potential supplier, grant licences for use of its own intellectual property rights; in order for either a contracting authority or a replacement supplier to the approved supplier to provide either the same or substantially similar services. 5. Noting the previous question and CCS' clarification dated 27th June 2019 concerning the status of potential suppliers under data protection legislation and under any contract, please confirm whether a potential supplier providing an End Point Assessment Service as an EPAO may also draw up such terms on the basis of an independent data "controller" relationship between the supplier and customer, given the fact that such suppliers must inevitably also determine the purposes and means of processing in order to provide their service and shall also be bound by their own regulatory obligations concerning provision of any such service. 6. Please can CCS clarify whether potential suppliers on the framework are obliged to accept any contract awarded to them through the "Rapid Award Procedure"? 7. Can CCS please confirm whether Schedule 5: Staff Transfer (Part B) of the contract applies to EPA organisations and that this would only relate to defaulted contracts as opposed to natural termination at end of a contract? Kind regards,

132. Good Afternoon, Please could Crown Commercial Services (CCS) respond to the following questions relating to the Customer Needs document and the DMP Framework Agreement: 1. Section 3.4.3 of the Customer Needs document refers to some aspects that are only relevant to the Apprenticeship Training Providers and not to EPAOs, in particular i) an induction programme and ii) a detailed summary of the Apprenticeship learner journey process. Please could CCS confirm whether this will be further clarified within the call-off contract with the contracting authority? 2. As per section 3.4.3 of the Customer Needs document, please could CCS clarify what "an induction programme" would entail? We consider this to be the Apprenticeship training provider's role rather than the role of an EPAO. 3. Section 3.4.4 of the Customer Needs Document lists some requirements that would vary between the standards and the Apprenticeship learner journeys agreed between the training provider and the Customer, e.g. panel members, level of feedback, assessment results KPIs. (EPAOs must remain independent of the learning process and so there is a limit to the detail of feedback they can provide and still ensure the validity and reliability of the EPA) Please can CCS confirm that details for the EPA delivery service will be agreed in the call-off contract between the Customer and the successful EPAO? 4. As an EPAO, we have a defined set of procedures, processes and assessment KPIs for each standard we provide EPA for, which are monitored by EQAOs. This is detailed in our EPA Manual that we require Providers and Employers to follow that will ensure smooth, efficient and consistent delivery of EPAs across all standards. Please could CCS advise whether the Customer (Employer and Provider) will accept the conditions of the EPA Manual as part of the individual call-off contracts? 5. Please could CCS confirm that section 3.4.5 of the Customer Needs document relates to Apprenticeship Training Providers only, as this service does not form part of the role of an EPAO. 6. Please could CCS explain how section 3.5.4 of the Customer Needs document relates to the role of the EPAO? 7. Paragraph 1.2.2.3 of Schedule 2 of the DMP Framework Agreement states "The Supplier shall ensure that the registered EPAO and the assessor is independent of, and separate from, the training provided by the Supplier and Customer in accordance with the ESFA Funding Rules." In some instances, either upon a written agreement with the ESFA or in line with the Assessment Plan for the Standard, EPAOs have been allowed to use employer personnel as trained independent assessors provided full independence from the apprentice and training provider is maintained. Please can CCS confirm that this will still be acceptable in these circumstances? Kind regards,

129. 'Dynamic Marketplace Agreement V1 WATERMARKED' document - Section - Appendix 1 - Baseline Security Principles Audit information for tenants - please could you clarify what audit information is expected here, and what it being 'accessible online' actually means in this context, from a practical perspective?

128. 'Dynamic Marketplace Agreement V1 WATERMARKED' document - Section - Appendix 1 - Baseline Security Principles Protective Monitoring - we don't currently monitor the data in our systems for malicious activity, nor do we have 24/7 support to provide alerts from any monitoring that would be implemented. Could you suggest what sort of monitoring is expected here so we could at least identify the likely costs?

127. 'Dynamic Marketplace Agreement V1 WATERMARKED' document - Section - Appendix 1 - Baseline Security Principles Data Security Principles/Implementation Objectives Matrix - 3 - Separation between tenants - it would be extremely difficult for us to segregate data so we would like to know whether this is definitely required - it's referred to as a 'should' not a 'must'. Additionally, it may not be possible for us to inform the Contracting Authority of any other CA that is sharing the platform/service, as it may be commercially sensitive, so some clarity on exactly what is expected would be helpful.

126. 'Dynamic Marketplace Agreement V1 WATERMARKED' document - Section - DMP Schedule 23: Security Management (page 146) Point 11 - Service Decommissioning - this is not how we currently operate as an education provider, as when students end their studies with us we still need to retain their data for proof of results, proof of study etc, so we are currently not set up to meet these requirements in respect of data deletion etc - this also ties in with the section in Appendix 1 on Data Sanitisation. If this is absolutely required we'd be interested to know if there are other education providers who have met this requirement and how they have done so? It would have significant implications for our core business processes and impact on many other areas (e.g. alumni).

125. 'Dynamic Marketplace Agreement V1 WATERMARKED' document - Section - DMP Schedule 23: Security Management (page 146) Point 10 - Vulnerabilities and Corrective Action - 10.3 - we are implementing some new processes around patching with a new patch cycle but it's possible there may be specific situations where we are unable to wholly meet this requirement, how should we manage this?

124. 'Dynamic Marketplace Agreement V1 WATERMARKED' document - Section - DMP Schedule 23: Security Management (page 146) Point 9 - Breach of Security - IT Environment - 9.1 - although we use the latest versions of anti-virus, we may not always use the latest firmware as there may be configuration issues, this would need to be assessed on a case-by-case basis - is that acceptable?

123. 'Dynamic Marketplace Agreement V1 WATERMARKED' document - Section - DMP Schedule 23: Security Management (page 146) Point 8 - Breach of Security - General Principles - 8.2.2 - providing full details and root cause analysis of a security breach within 2 days may not always be possible, due to closure days for the university, staff availability etc - how flexible is this requirement?

122. 'Dynamic Marketplace Agreement V1 WATERMARKED' document - Section - DMP Schedule 23: Security Management (page 146) 4. Point 7 - Security Testing - as we would be responsible for organising external security testing we would like to understand what level and type of testing is required so we can determine indicative costs, please could you elaborate on what is expected and if any vulnerabilities are identified what is the requirement/expectation for implementing a fix?

121. 'Dynamic Marketplace Agreement V1 WATERMARKED' document - Section - DMP Schedule 23: Security Management (page 146) Point 5.7 - regarding the Information System and Risk Management Documentation, could you provide examples of the documentation expected, and what sort of updates you would typically expect?

120. 'Dynamic Marketplace Agreement V1 WATERMARKED' document - Section - DMP Schedule 23: Security Management (page 146) Point 5 - Information Risk Management Approval of the Information System - Could you provide more detail about the process you would follow to approve? It is not clear to us what format the approval would take, who would need to be involved, and at what level.