Home Office Child Abuse Image Database (CAID) Hosting and Associated Services 2 - Market Engagement
A Prior Information Notice
by HOME OFFICE
- Source
- Find a Tender
- Type
- Future Contract (Services)
- Duration
- not specified
- Value
- ___
- Sector
- TECHNOLOGY
- Published
- 21 May 2024
- Delivery
- not specified
- Deadline
- n/a
Concepts
Location
LONDON
1 buyer
- Home Office London
Description
The Child Abuse Image Database (CAID) is the central image, video and hash store and associated applications that supports the identification of victims, depicted in Indecent Images of Children, and offenders that possess, distribute, and produce such imagery. CAID is a live critical Law Enforcement system, contracted through the Home Office. The current contract for CAID Hosting will expire March 2026 and CAID wants to re-procure these services.
Total Quantity or Scope
The Child Abuse Image Database (CAID) is the central image, video and hash store and associated applications that supports the identification of victims, depicted in Indecent Images of Children, and offenders that possess, distribute, and produce such imagery. CAID is a live critical Law Enforcement system, contracted through the Home Office. The current contract for CAID Hosting will expire March 2026 and CAID wants to re-procure these services which include: • providing hosted and managed scalable infrastructure to operate the CAID live and test environments, • providing connectivity of the infrastructure to UK law enforcement, and other stakeholders, with appropriate security and encryption, • service management to maintain and update the infrastructure, supporting capabilities and CAID application suite, and • protective monitoring of the infrastructure, CAID applications, Databases, and other software components. All live CAID environments must be secured to host illegal media and highly sensitive personal data that is classed as Official (SENSITIVE). The Buyer currently considers this means: • Hosted in UK based datacentres with Police Assured Secured Facility status, including the use of Tier 1 public cloud providers. • Separated from other tenants so that underlying infrastructure providers have no access to the CAID applications or data. • Secured connectivity and internal zone security. • Regular scanning for vulnerabilities. • A holistic anti-malware solution. • Encrypted data at rest, with customer managed keys. • Full auditing of administration and user activity. • Monitored via Protective Monitoring. • Strong RBAC with granular control. This exercise will assess the marketplace and includes, • Details of the CAID requirement and a questionnaire will be shared with suppliers who must first sign and return a Non-Disclosure Agreement/Security Aspects Letter (NDA/SAL) before material can be released. Please email the CAID Commercial Team, by 5th June 2024, at CAIDCommercial@homeoffice.gov.uk headed, 'Home Office CAID Hosting and Associated Services 2 Market Engagement' to register your interest. • The NDA/SAL will then be sent for signature and return to the CAIDCommercial email address so material can be released. • An online briefing event will be held in summer 2024, for those suppliers who signed an NDA/SAL, to explain the requirement and answer questions. • The Team may conduct virtual online sessions with interested suppliers that complete and return the questionnaire. Note-the Home Office reserves the right to not hold virtual sessions. The CAID Team will assess the results of this exercise and if a Tender exercise is agreed on, another PIN will be issued with details of the competition and services. This is a zero value PIN for early market engagement for information only and is not a call for competition. The Home Office reserves the right not to enter a formal procurement process or proceed with contract award.
CPV Codes
- 72000000 - IT services: consulting, software development, Internet and support
Indicators
Other Information
This exercise aims to gain an understanding and insight into the services available and suppliers who could provide these services. This will inform the tender process and the specification of services. Therefore, this PIN is intended to signal the start of an information gathering exercise. CAID's Hosting and Service Management has been provided since 2014 via the Public Service Network for Policing (PSNfP) contract. Previously legal opinion, last updated in 2020, was that due to considerable data protection and other legal concerns, CAID data should not be held on cloud hosted infrastructure and should remain within Police owned data centres. Since this advice was given there has been considerable development in both cloud hosting technology and the needs and approaches of law enforcement efforts to combat child sexual abuse and exploitation. As such, this opinion had been revisited and it is now considered that removing these restrictions can be compliant with data protection requirements.
Reference
- FTS 016000-2024