Invitation to tender (ITT): Prototype to help identify and manage risk when sharing data

Tue Oct 19, 2021
$download_content = get_field('download_content');

We’re looking for an experienced company to develop a prototype web-based tool to help organisations to identify, assess and manage risks related to sharing data

– This opportunity is now closed –


We’re looking for an experienced company to develop a prototype web-based tool to help organisations to identify, assess and manage risks related to sharing data.

19 October 2021

  • Tender reference: ODI_DA_04
  • Call for tenders by the Open Data Institute
  • Contact: [email protected]
  • Costed proposals due by 17:00 GMT, 24/11/2021

The objective of this work is to develop a prototype web-based tool that will help organisations to identify, assess and manage risks related to sharing data.

Risks around sharing data typically fall into three categories: reputational, legal and commercial. Companies, individuals and governments need to assess whether their data processes and the data they want to share are safe and suitable. Without this assurance, concerns about reputation, legal compliance or commercial advantage can result in a hesitancy or refusal to share data that could in fact be made more widely available.

While there is some sector-specific guidance available (for example for agriculture and the geospatial community), it is not in user-friendly formats, nor easy to adapt to new contexts. The intention of this work is to review the existing guidance and tools, and develop a prototype web-based risk assessment application. This will be used to support further exploration with users of risk assessment and assurance processes.

The successful company will work in collaboration with the Open Data Institute (ODI) who will provide content, guidance, review and assistance throughout.

Summary and timeline

AimThe objective of this work is to develop a prototype web-based tool to help organisations to identify, assess and manage risks related to sharing data.
The intention is to review the existing user research, guidance and tools, and develop a prototype web-based risk assessment application. This will be used to support further exploration with users of risk assessment and assurance processes.
AudienceAudience for the ITT: This invitation to tender is open to individuals and organisations based in the United Kingdom that can deliver the software described above within the assigned time frame.

Audience for the web-based tool: organisations considering sharing data – whether on a 1:1 basis, with a group, or more widely.
DurationNovember 2021 – March 2022
Value of award (excl. VAT)Up to £40,000
Costed proposals due by17:00 GMT, 24/11/2021
Tender decision by17:00 GMT, 28/11/2021
Contract awarded17:00 GMT, 30/11/2021
ODI brief winning applicant(s)17:00 GMT, 01/12/2021
ODI progress reviewsFortnightly (virtually)
Final work delivered by24/03/2022
Tender reference:ODI_DA_04
Contact[email protected]

Terms of payment

Payment of 50% the agreed contract price will be made half way through delivery, and 50% on completion.

Background

The ODI is looking into the role of data assurance in improving data sharing by helping organisations assess, build and demonstrate both trust in data practices and the trustworthiness of data for different purposes.

When considering sharing data – whether on a 1:1 basis, with a group, or more widely – a common concern for organisations is in providing assurance to senior leaders that sharing a particular set of data will not cause negative impacts on reputation, legal compliance or competitive advantage. Without this assurance, organisations can find themselves in a situation where a lack of processes to consider and manage these legitimate concerns can result in a reluctance to share data. This can limit value creation in the form of innovation, products and services for the organisation wanting to share data, as well as potential reusers of that data.

To help provide the assurance that reputation, legal compliance and commercials will be maintained, we see an early step – prior to seeking legal counsel – to consider perceived risks in sharing data and to identify suitable mitigating actions. By doing an initial pass through the data to identify any red flags, or indeed where data is suitable for wider sharing, this could  save organisations time and money.

We have seen this approach taken in a number of projects where the goal was to share data with partners, the public and customers. For example:

  • The Environment Agency developed the Open Data Risk Assessment in 2016. This checklist was used by teams as a ‘first pass check’ when considering whether data was suitable to share under open licence.
  • The Geospatial Commission built on the Environment Agency’s earlier work to develop a data sharing risk assessment tool as part of its work to make location data easier to find.
  • We produced guidance in partnership with CABI and the Bill & Melinda Gates Foundation to help grantees work through some of the key considerations around legal, reputational and commercial risks when sharing data as part of work to improve access to data for innovation in agriculture.
  • The Centre for Data Ethics and Innovation (CDEI) has produced a guide to help organisations consider if/how to adopt privacy enhancing technologies.

While there is some sector-specific guidance available, it is not in user-friendly formats, nor easy to adapt to new contexts. The intention of this work is to review the existing user research, guidance and tools, and develop a prototype web-based risk assessment application. This will be used to support further exploration with users of risk assessment and assurance processes.

The ODI will provide the content for the tool, drawing on existing guides outlined above, and provide oversight of branding and user interface. We would like the successful company to work with us to bring it together into a prototype interactive web-based tool.

Deliverables

The key deliverables, due by 24 March 2022 at the latest, will be:

  • Initial mock-ups of the user experience (UX) for consolidated interactive guidance
  • A short write-up of findings from each phase of user testing including recommendations for the next phase of development
  • Functional prototype web-based tool suitable for testing with communities of practice in the ODI or contractor’s network
  • The code for the prototype – so that the ODI can take on further development and maintenance of the tool, and readily change both the content and interactive flow of the application as required. Ideally the prototype will be written in JavaScript or Python, and stable and established web frameworks such as Vue/React, but this is open to discussion.

Applicants should propose the format and length of deliverables, and phasing of delivery timescales, as part of the tender response.

We expect project teams to:

  • Work closely with the ODI team eg to review existing risk management tools and carry out initial user research, where appropriate
  • Use an iterative design process to ‘go beyond the tool’ to test the value of the prototype; explore the domain; build networks and highlight recommendations for the next stage of development
  • Iterate development of the user experience and content by testing with communities of practice in the ODI or contractor’s network – using appropriate means: could be paper, wireframes or web based prototypes
  • Work with our in-house designers to ensure the ODI brand is reflected in the functional prototype
  • Attend feedback sessions with team members
  • Communicate plans and progress regularly

The ODI will provide:

  • Documentation and links to existing, related work
  • Access to team members involved in previous and current related work
  • Where possible, provide space to work in our office in King’s Cross, London, if/when members of the successful contractor wish to work onsite.

Activities

The successful organisations will work in close collaboration with the ODI team to ensure the deliverables meet the needs of the project.

We anticipate there will be certain types of activity required to meet the deliverables – for example mock-ups, initial user testing etc – however we ask applicants to propose specific activities and approaches as part of the tender response.

Form of tender response

Applications can be on behalf of a consortium of organisations. Interested parties should submit a costed proposal (in English) to [email protected], which includes:

  • A short (no more than 5 page) explanation of your proposed approach, with references to any relevant existing work or activities
  • A description of how you will meet the deliverables and expectations as described above
  • A description of why you are best placed to deliver this work
  • A description of the team who will do the work, including short biographies
  • The total value (£) of your proposal, with a breakdown of the costs by activity and people
  • A project plan with a clear description of activities, methods, outputs and deliverables from the different activities
  • Where required, what form of in-kind support from the ODI team would be useful, for example, content, branding, connections etc
  • Any risks and data protection considerations

If you have any questions about the tender, please contact [email protected] quoting the tender reference ODI_DA_04. The ODI reserves the right to make both anonymised questions and answers public or shared with other organisations having stated their interest.

Decision criteria

All proposals will be assessed as described in our public procurement policy.