Clarifications

We do not require all Subcontractors to be disclosed. You need only disclose those Subcontractors who directly contribute to your ability to meet your obligations under the DPS Appointment Form (including under any Contract Agreement following a Competition Procedure). There is no need to specify Subcontractors providing general services to the Supplier (such as window cleaners etc.) that indirectly enable the Supplier to perform the DPS Appointment Form. Please read the definition of Subcontractor in the DPS Appointment Form. If you are successfully appointed to the DPS and are awarded a RM6200 Artificial Intelligence DPS Appointment, any changes to arrangements in relation to Subcontracting and Group of Economic Operators arrangements which are made following the award will be dealt with in accordance with DPS Schedule 6 (Key Subcontractors) of the DPS Appointment Form. After being appointed to the DPS any additional Subcontractors can be disclosed at that time.

You are required to confirm as part of your DPS submission, that you have Cyber Essentials basic certification in place, as a minimum, at Question 155 of the SQ. If you have Cyber Essentials Plus you can select this option at Question 156 of the SQ. A 'Yes' response to either of these questions is acceptable. If you select 'No' to Question 155 of the SQ and confirm this response at Question 5 of the DPSQ by selecting 'Yes' that you do not hold a valid Cyber Essentials basic certificate this will be classed as a 'Fail' and your application will be rejected until you have a valid Cyber Essentials basic certificate. Please note that Cyber Essentials was developed because neither ISO27001 nor other considered standards were sufficiently prescriptive to defeat common internet based threats as per the PPN.

Cyber Essentials has five requirements: - Configure and deploy a firewall - Make use of secure configurations for devices and software - Make use of access control to prevent unauthorized access to data and services - Protect yourself against malware such as viruses - Keep devices and software updated A certification is equivalent if it demonstrates explicitly that you have met the five requirements to the same or higher standard as would be required by the Cyber Essentials scheme. ISO:27001 consists of 14 controls, but these are not as specific as the Cyber Essentials requirements. For example, one of the controls is """"""""Make use of secure configurations for network infrastructure"""""""". This does not necessarily require you to configure and deploy a firewall, although most of the time you would expect that's part of what an organisation would do for that control, it's not explicitly required. So the question is whether your ISO:27001 certification from a trusted third-party explicitly demonstrates that you meet all five of the requirements under the Cyber Essentials scheme. It's not enough that you probably meet the requirements, or that typically your IT support team would meet the control by doing a specific thing, the certification would need to show that you do in fact meet the requirements.

Please refer to the Bid Pack, there are questions in the selection Questionnaire that are not applicable for this RM6200 Artificial Intelligence procurement, therefore please note, a response is NOT required to the questions as detailed below: Part 1: (Contract Example 1) - Q133 Part 1: (Contract Example 2) - Q134 Part 1: (Contract Example 3) - Q135 Part 3: (Steel) Q147 - Q149 Part 3: (Supply Chain) Q150 - Q154 Part 3: (NHS Questions) Q157 - Q161 If you have any further issues my colleagues at NQC will be able to assist you. Please use the 'contact us' tab at the foot of the Supplier Registration Service (SRS) home page or call them on 0161 413 7982.

You are required to confirm as part of your DPS submission, that you have Cyber Essentials basic certification in place, as a minimum. If you select 'No' to Question 155 of the SQ and confirm this response at Question 5 of the DPSQ by selecting 'Yes' that you do not hold a valid Cyber Essentials basic certificate this will be classed as a 'Fail' and your application will be rejected until you have a valid Cyber Essentials basic certificate. Any other certification you provide will be classed as in addition to Cyber Certification and not instead of. With regards to your company registration please provide the same details you used to register as a supplier on the Supplier Registration website.

CCS can confirm that suppliers are not obliged to provide a response to this question. In the event your financial failure score, provided by Dunn and Bradstreet, falls below the indicated threshold, you will be contacted directly by CCS in order to gather the relevent financial evidencees for further assessment. Dun and Bradstreet (D&B) will be able to confirm your current financial score at https://www.dnb.co.uk/

We will undertake an assessment of your economic and financial standing using the DUNS number (as provided by Dun and Bradstreet) for your organisation which you input when registering on the SRS registration system. The report provided by the credit reference agency (Dun and Bradstreet) will be used to determine the level of financial risk you represent. If the score provided by the credit reference agency is 35 or more, then your Request to participate will continue to proceed in the DPS Selection process. If the score is less than 35 our Commercial Finance Team will request sight of you last 2 years accounts to carry out a further assessment.

The Selection Questionnaire is split into two (2) distinct sections. The first is a standard Selection Questionnaire (SQ) and this must be completed and submitted via the Supplier Registration Service to progress to the next section of the SQ process, referred to as the DPSQ (these are DPS specific questions, and also contain the Service filters that buyers will also select when running Competition procedures). When you have completed the SQ you need to select either 'Save and Continue' at the end of the questionnaire, or, you can select 'Save and view answers' to review your responses, allowing you to make any changes prior to submitting the SQ, once done this will direct you to the DPSQ. Please note - you cannot amend your responses to any of the standard Selection Questionnaire responses once you have progressed on to the DPSQ. If you require further guidance please contact NQC using the 'contact us' tab at the foot of the Supplier Registration Service (SRS) home page or call them on 0161 413 7982.

PPN 09/14, Annex C, FAQ states: According to EU Law a supplier is not obliged to use Cyber Essentials. A supplier need only demonstrate to the satisfaction of the contracting authority that they meet Cyber Essentials requirements. Normally this should be verified by a technically competent and independent 3rd party. To demonstrate that Cyber Essentials Plus requirements have been met it is required in all cases that verification is provided by a technically competent and independent 3rd party. Gaining the Cyber Essentials certificate is the easiest way to demonstrate that the requirements have been met; however other forms of evidence are acceptable. Aside from a supplier falling under one or more of the stated exemptions Cyber Essentials certification is likely to be the cheapest way to achieve this.

In accordance with clause 2.1 of DPS Schedule 5 Management Information, 'MI Reports must be completed and returned to CCS by the fifth Working Day of every month during the DPS Contract Period and thereafter; if at any point there is a period of a month where no reportable transactions occur, then a declaration must be made confirming no business has been conducted, in place of data submission'. You can do this electronically by submitting a 'no business' in Report MI, if no contract has been awarded.

A Dynamic Purchasing System is open for suppliers to apply at any point during its lifespan, for Artificial Intelligence this is initially until 04/03/2022. There are no deadlines for a supplier to join, however a supplier must be appointed to the DPS to be included in any calls for further competition by the buying organisation which may take place at any point in time.

Supplier is advised to seek their own legal advice if necessary.

Data Loss Event should refer to the definition "Personal Data Breach" within Joint Schedule 1 Data Protection Law should refer to the definition "Data Protection Legislation" within Joint Schedule 1 Data Subject Request should refer to the definition "Data Subject Access Request" within Joint Schedule 1

CCS can confirm that Tort does include negligence.

Supplier is advised to refer to Call-off Schedule 6 (ICT Services) as well and seek their own legal advice if necessary.

CCS will carry out a financial assessment in the event a suppliers Dunn&Bradstreet score does not meet the required threshold. A selection of evidence can be provided in lieu of accounts in the event a supplier has limited trading history, and can be found in the selection questionnaire within the Bid Pack (Question 128). CCS requires suppliers to upload evidence using the Evidence Submission section of the questionnaire.

The Artificial Intelligence DPS can be applied for by clicking the "Access as a Supplier" option within the DPS landing page. https://supplierregistration.cabinetoffice.gov.uk/dps#technology

In this instance CCS will require a response to Q137 only in the event you are unable provide contract examples (as per responses to either Q133, Q134, Q135) and as such these questions are non-mandatory.

CCS can confirm Attachment 6 has now been uploaded and can be found within the main section of the Bid Pack for Artificial Intelligence.