Tax agency seeks to replace patchwork of suppliers with a single provider
HM Revenue and Customs is to bring together its email, phone and text message communications with citizens and businesses in a single-supplier contract worth as much as £10m.
The deal will, which will run for an initial term of two years plus a potential 12-month extension, will also cover the provision of multi-factor authentication security services. The department said that it currently works with a range of suppliers delivering individual elements of its external communications, but that it now wishes to unite them in a single commercial agreement.
HMRC indicated that it sends 94 million SMS text messages and 220 million emails to citizens and businesses each year.
“This new combined email and text service will be a part of a range of communication services that will support the authority’s strategy of communicating with the right customer at the right time through the right channel,” it said.
Text and voice messages sent by the tax authority to landlines and mobiles in both the UK and overseas include a unique six-digit code which the recipient can use to access a service within a specified time limit. The chosen supplier will be expected to provide a “unique sender ID” for use by HMRC.
The purpose of these communications is to “provide reassurance and prevent progress chasing” as well to deliver “nudges and prompts” and to seek feedback from users.
The implementation of the contract will cover two phases, the first of which will cover the transition of the existing discrete services onto one platform.
During the second phase, HMRC hope to “exploit the top quartile capabilities provided in the solution to develop new and innovative ways of communicating with our customers, whether that be on a one-to-one or one-to-many basis, in a way that work seamlessly and through standard interfaces where necessary with the authority’s other communication and communication-management services”.
To qualify for the contract, suppliers and their staff will be expected to hold a range of security certifications, including the ISO-27001 accreditation and penetration testers that have been recently approved by the National Cyber Security Centre’s CHECK programme. Firms will also need the NCSC’s Cyber Essentials Plus badge and must be covered by cyber risk insurance, HMRC said, as well as having a “security patch management system”.
The tax agency also stipulated that it needs to work with a provider possessing UK data centres – with “no data leaving the UK” at any point.
Suppliers wishing to bid for the contract have until the end of the month to do so, with a contract – worth £3.25m a year – due to go live on 1 February.