– This opportunity is now closed –
We’re looking for an experienced company to develop a prototype web-based tool to help organisations to identify, assess and manage risks related to sharing data.
19 October 2021
- Tender reference: ODI_DA_04
- Call for tenders by the Open Data Institute
- Contact: [email protected]
- Costed proposals due by 17:00 GMT, 24/11/2021
The objective of this work is to develop a prototype web-based tool that will help organisations to identify, assess and manage risks related to sharing data.
Risks around sharing data typically fall into three categories: reputational, legal and commercial. Companies, individuals and governments need to assess whether their data processes and the data they want to share are safe and suitable. Without this assurance, concerns about reputation, legal compliance or commercial advantage can result in a hesitancy or refusal to share data that could in fact be made more widely available.
While there is some sector-specific guidance available (for example for agriculture and the geospatial community), it is not in user-friendly formats, nor easy to adapt to new contexts. The intention of this work is to review the existing guidance and tools, and develop a prototype web-based risk assessment application. This will be used to support further exploration with users of risk assessment and assurance processes.
The successful company will work in collaboration with the Open Data Institute (ODI) who will provide content, guidance, review and assistance throughout.
Summary and timeline
[table id=63 /]
Terms of payment
Payment of 50% the agreed contract price will be made half way through delivery, and 50% on completion.
Background
The ODI is looking into the role of data assurance in improving data sharing by helping organisations assess, build and demonstrate both trust in data practices and the trustworthiness of data for different purposes.
When considering sharing data – whether on a 1:1 basis, with a group, or more widely – a common concern for organisations is in providing assurance to senior leaders that sharing a particular set of data will not cause negative impacts on reputation, legal compliance or competitive advantage. Without this assurance, organisations can find themselves in a situation where a lack of processes to consider and manage these legitimate concerns can result in a reluctance to share data. This can limit value creation in the form of innovation, products and services for the organisation wanting to share data, as well as potential reusers of that data.
To help provide the assurance that reputation, legal compliance and commercials will be maintained, we see an early step – prior to seeking legal counsel – to consider perceived risks in sharing data and to identify suitable mitigating actions. By doing an initial pass through the data to identify any red flags, or indeed where data is suitable for wider sharing, this could save organisations time and money.
We have seen this approach taken in a number of projects where the goal was to share data with partners, the public and customers. For example:
- The Environment Agency developed the Open Data Risk Assessment in 2016. This checklist was used by teams as a ‘first pass check’ when considering whether data was suitable to share under open licence.
- The Geospatial Commission built on the Environment Agency’s earlier work to develop a data sharing risk assessment tool as part of its work to make location data easier to find.
- We produced guidance in partnership with CABI and the Bill & Melinda Gates Foundation to help grantees work through some of the key considerations around legal, reputational and commercial risks when sharing data as part of work to improve access to data for innovation in agriculture.
- The Centre for Data Ethics and Innovation (CDEI) has produced a guide to help organisations consider if/how to adopt privacy enhancing technologies.
While there is some sector-specific guidance available, it is not in user-friendly formats, nor easy to adapt to new contexts. The intention of this work is to review the existing user research, guidance and tools, and develop a prototype web-based risk assessment application. This will be used to support further exploration with users of risk assessment and assurance processes.
The ODI will provide the content for the tool, drawing on existing guides outlined above, and provide oversight of branding and user interface. We would like the successful company to work with us to bring it together into a prototype interactive web-based tool.
Deliverables
The key deliverables, due by 24 March 2022 at the latest, will be:
- Initial mock-ups of the user experience (UX) for consolidated interactive guidance
- A short write-up of findings from each phase of user testing including recommendations for the next phase of development
- Functional prototype web-based tool suitable for testing with communities of practice in the ODI or contractor’s network
- The code for the prototype – so that the ODI can take on further development and maintenance of the tool, and readily change both the content and interactive flow of the application as required. Ideally the prototype will be written in JavaScript or Python, and stable and established web frameworks such as Vue/React, but this is open to discussion.
Applicants should propose the format and length of deliverables, and phasing of delivery timescales, as part of the tender response.
We expect project teams to:
- Work closely with the ODI team eg to review existing risk management tools and carry out initial user research, where appropriate
- Use an iterative design process to ‘go beyond the tool’ to test the value of the prototype; explore the domain; build networks and highlight recommendations for the next stage of development
- Iterate development of the user experience and content by testing with communities of practice in the ODI or contractor’s network – using appropriate means: could be paper, wireframes or web based prototypes
- Work with our in-house designers to ensure the ODI brand is reflected in the functional prototype
- Attend feedback sessions with team members
- Communicate plans and progress regularly
The ODI will provide:
- Documentation and links to existing, related work
- Access to team members involved in previous and current related work
- Where possible, provide space to work in our office in King’s Cross, London, if/when members of the successful contractor wish to work onsite.
Activities
The successful organisations will work in close collaboration with the ODI team to ensure the deliverables meet the needs of the project.
We anticipate there will be certain types of activity required to meet the deliverables – for example mock-ups, initial user testing etc – however we ask applicants to propose specific activities and approaches as part of the tender response.
Form of tender response
Applications can be on behalf of a consortium of organisations. Interested parties should submit a costed proposal (in English) to [email protected], which includes:
- A short (no more than 5 page) explanation of your proposed approach, with references to any relevant existing work or activities
- A description of how you will meet the deliverables and expectations as described above
- A description of why you are best placed to deliver this work
- A description of the team who will do the work, including short biographies
- The total value (£) of your proposal, with a breakdown of the costs by activity and people
- A project plan with a clear description of activities, methods, outputs and deliverables from the different activities
- Where required, what form of in-kind support from the ODI team would be useful, for example, content, branding, connections etc
- Any risks and data protection considerations
If you have any questions about the tender, please contact [email protected] quoting the tender reference ODI_DA_04. The ODI reserves the right to make both anonymised questions and answers public or shared with other organisations having stated their interest.
Decision criteria
All proposals will be assessed as described in our public procurement policy.