Award

Provision of a Cyber Security Governance Risk & Compliance Solution

CROWN COMMERCIAL SERVICE

This public procurement record has 1 release in its history.

Award

13 Nov 2025 at 09:21

Summary of the contracting process

The Crown Commercial Service, acting on behalf of the Cabinet Office, has completed the procurement process for the "Provision of a Cyber Security Governance Risk & Compliance Solution." This tender, classified under IT services with the CPV code 72000000, focuses on enhancing cyber risk and compliance requirements with a Governance, Risk, and Compliance (GRC) tool. The procurement process employed a selective method, specifically a call-off from a framework agreement. Key contract dates include a start on 27th October 2025 and an end on 26th October 2027. The contract, valued at £320,000, has been awarded to PHOENIX SOFTWARE LIMITED, with the procurement stage now in the award phase.

This tender presents significant opportunities for businesses specialising in IT services and software development, particularly those with expertise in risk management and compliance solutions. While the chosen procurement method favours established suppliers through framework agreements, companies seeking growth can benefit from understanding such processes to enhance their future competitiveness. Large software companies with a focus on enterprise solutions stand to gain the most from this type of contract, given the centralised management and comprehensive reporting requirements specified by the Cabinet Office.

Find more tenders on our Open Data Platform.
How relevant is this notice?

D3 Tenders Premium

Win More Public Sector Contracts

AI-powered tender discovery, pipeline management, and market intelligence — everything you need to grow your public sector business.

Notice Title

Provision of a Cyber Security Governance Risk & Compliance Solution

Notice Description

The Cabinet Office requires a Governance, Risk, and Compliance (GRC) tool to enhance its cyber risks and compliance requirements. The tool will enable clear tracking of governance activities, risks and ensure alignment with departmental objectives. Ultimately, this will promote more efficient and well-managed digital services across the department. Overarching requirements: Centralised management: Must provide a single platform to record, track, and manage governance activities, risks, and compliance tasks. While the immediate focus is on cyber risks, the ability to serve as a consolidated enterprise risk management tool is also highly valued. Self- service reporting: Should offer dashboards and reports for up-to-date visibility for stakeholders and senior management. service reporting: Should offer dashboards and reports for up-to-date visibility for stakeholders and senior management. Risk Assessment and Tracking: Ability to identify, assess, and monitor risks as well as controls with options for categorisation and prioritisation. Policy and Compliance Monitoring: Support for capturing and auditing compliance with relevant policies, regulations, and standards.

Publication & Lifecycle

Open Contracting ID
ocds-b5fd17-bc9432df-f245-45ea-bdd1-7c8d845abfb9
Publication Source
Contracts Finder
Latest Notice
https://www.contractsfinder.service.gov.uk/Notice/9da76c70-7ced-42de-9d21-6ed49d5479fa
Current Stage
Award
All Stages
Award

Procurement Classification

Notice Type
Award Notice
Procurement Type
Framework
Procurement Category
Services
Procurement Method
Selective
Procurement Method Details
Call-off from a framework agreement
Tender Suitability
Not specified
Awardee Scale
Large

Common Procurement Vocabulary (CPV)

CPV Divisions

72 - IT services: consulting, software development, Internet and support


CPV Codes

72000000 - IT services: consulting, software development, Internet and support

Notice Value(s)

Tender Value
£320,000 £100K-£500K
Lots Value
Not specified
Awards Value
£320,000 £100K-£500K
Contracts Value
Not specified

Notice Dates

Publication Date
13 Nov 20253 months ago
Submission Deadline
19 Oct 2025Expired
Future Notice Date
Not specified
Award Date
27 Oct 20253 months ago
Contract Period
27 Oct 2025 - 26 Oct 2027 1-2 years
Recurrence
Not specified

Notice Status

Tender Status
Complete
Lots Status
Not Specified
Awards Status
Active
Contracts Status
Not Specified

Contracting Authority (Buyer)

Main Buyer
CROWN COMMERCIAL SERVICE
Contact Name
Available with D3 Tenders Premium →
Contact Email
Available with D3 Tenders Premium →
Contact Phone
Available with D3 Tenders Premium →

Buyer Location

Locality
LIVERPOOL
Postcode
L3 9PP
Post Town
Liverpool
Country
England

Major Region (ITL 1)
TLD North West (England)
Basic Region (ITL 2)
TLD7 Merseyside
Small Region (ITL 3)
TLD72 Liverpool
Delivery Location
Not specified

Local Authority
Liverpool
Electoral Ward
City Centre North
Westminster Constituency
Liverpool Riverside

Supplier Information

Number of Suppliers
1
Supplier Name

PHOENIX SOFTWARE

Open Contracting Data Standard (OCDS)

View full OCDS Record for this contracting process

Download

The Open Contracting Data Standard (OCDS) is a framework designed to increase transparency and access to public procurement data in the public sector. It is widely used by governments and organisations worldwide to report on procurement processes and contracts.

{
    "tag": [
        "compiled"
    ],
    "id": "ocds-b5fd17-bc9432df-f245-45ea-bdd1-7c8d845abfb9-2025-11-13T09:21:11Z",
    "date": "2025-11-13T09:21:11Z",
    "ocid": "ocds-b5fd17-bc9432df-f245-45ea-bdd1-7c8d845abfb9",
    "language": "en",
    "initiationType": "tender",
    "tender": {
        "id": "CCIT25A23.",
        "title": "Provision of a Cyber Security Governance Risk & Compliance Solution",
        "description": "The Cabinet Office requires a Governance, Risk, and Compliance (GRC) tool to enhance its cyber risks and compliance requirements. The tool will enable clear tracking of governance activities, risks and ensure alignment with departmental objectives. Ultimately, this will promote more efficient and well-managed digital services across the department. Overarching requirements: Centralised management: Must provide a single platform to record, track, and manage governance activities, risks, and compliance tasks. While the immediate focus is on cyber risks, the ability to serve as a consolidated enterprise risk management tool is also highly valued. Self- service reporting: Should offer dashboards and reports for up-to-date visibility for stakeholders and senior management. service reporting: Should offer dashboards and reports for up-to-date visibility for stakeholders and senior management. Risk Assessment and Tracking: Ability to identify, assess, and monitor risks as well as controls with options for categorisation and prioritisation. Policy and Compliance Monitoring: Support for capturing and auditing compliance with relevant policies, regulations, and standards.",
        "status": "complete",
        "classification": {
            "scheme": "CPV",
            "id": "72000000",
            "description": "IT services: consulting, software development, Internet and support"
        },
        "items": [
            {
                "id": "1",
                "deliveryAddresses": [
                    {
                        "countryName": "United Kingdom"
                    }
                ]
            }
        ],
        "value": {
            "amount": 320000,
            "currency": "GBP"
        },
        "procurementMethod": "selective",
        "procurementMethodDetails": "Call-off from a framework agreement",
        "tenderPeriod": {
            "endDate": "2025-10-20T00:00:00+01:00"
        },
        "contractPeriod": {
            "startDate": "2025-10-27T00:00:00Z",
            "endDate": "2027-10-26T23:59:59+01:00"
        },
        "suitability": {
            "sme": false,
            "vcse": false
        },
        "mainProcurementCategory": "services"
    },
    "parties": [
        {
            "id": "GB-SRS-supplierregistration.cabinetoffice.gov.uk/6sQD8uds",
            "name": "Crown Commercial Service",
            "identifier": {
                "legalName": "Crown Commercial Service",
                "scheme": "GB-SRS",
                "id": "supplierregistration.cabinetoffice.gov.uk/6sQD8uds"
            },
            "address": {
                "streetAddress": "Floor 9, The Capital Building, Old Hall Street",
                "locality": "Liverpool",
                "postalCode": "L3 9PP",
                "countryName": "England"
            },
            "contactPoint": {
                "name": "Crown Commercial Service on behalf of Cabinet Office : Cabinet Office",
                "email": "supplier@crowncommercial.gov.uk",
                "telephone": "3450103503"
            },
            "details": {
                "url": "https://www.gov.uk/government/organisations/crown-commercial-service"
            },
            "roles": [
                "buyer"
            ]
        },
        {
            "id": "GB-CFS-317277",
            "name": "PHOENIX SOFTWARE LIMITED",
            "identifier": {
                "legalName": "PHOENIX SOFTWARE LIMITED"
            },
            "address": {
                "streetAddress": "Blenheim House York Road, Pocklington YO42 1NS York United Kingdom"
            },
            "details": {
                "scale": "large",
                "vcse": false
            },
            "roles": [
                "supplier"
            ]
        }
    ],
    "buyer": {
        "id": "GB-SRS-supplierregistration.cabinetoffice.gov.uk/6sQD8uds",
        "name": "Crown Commercial Service"
    },
    "awards": [
        {
            "id": "ocds-b5fd17-bc9432df-f245-45ea-bdd1-7c8d845abfb9-1",
            "status": "active",
            "date": "2025-10-27T00:00:00Z",
            "datePublished": "2025-11-13T09:21:11Z",
            "value": {
                "amount": 320000,
                "currency": "GBP"
            },
            "suppliers": [
                {
                    "id": "GB-CFS-317277",
                    "name": "PHOENIX SOFTWARE LIMITED"
                }
            ],
            "contractPeriod": {
                "startDate": "2025-10-27T00:00:00Z",
                "endDate": "2027-10-26T23:59:59+01:00"
            },
            "documents": [
                {
                    "id": "1",
                    "documentType": "awardNotice",
                    "description": "Awarded contract notice on Contracts Finder",
                    "url": "https://www.contractsfinder.service.gov.uk/Notice/9da76c70-7ced-42de-9d21-6ed49d5479fa",
                    "datePublished": "2025-11-13T09:21:11Z",
                    "format": "text/html",
                    "language": "en"
                },
                {
                    "id": "2",
                    "documentType": "contractSigned",
                    "url": "https://www.contractsfinder.service.gov.uk/Notice/Attachment/5180a012-dc38-4d77-aa46-e79c635b32cc",
                    "format": "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
                }
            ]
        }
    ]
}