Planning

A SAP Governance, Risk and Compliance (GRC) Solution

CTM PORTAL FOR THE NDA SHARED SERVICES ALLIANCE

This public procurement record has 1 release in its history.

Planning

17 Feb 2021 at 10:10

Summary of the contracting process

The CTM Portal for the NDA Shared Services Alliance is planning to procure a SAP Governance, Risk and Compliance (GRC) Solution, aimed at enhancing compliance and risk management for their SAP ERP System. This procurement is categorised under software and information systems, specifically for goods. Interested suppliers should note that the deadline for responses to this notice is 12pm on 3rd March 2021, with further supplier engagement planned through a presentation session on 8th March 2021. The procurement is currently in the planning stage and is expected to include an initial solution for 10 core users along with additional licenses for emergency access.

This tender presents a significant opportunity for businesses specialising in software programming, consultancy, and specifically those experienced with SAP systems and compliance solutions. Companies that can provide innovative technologies for user access management, data protection compliance, and audit analytics would be particularly well-suited to compete. The focus on automating governance, risk, and compliance processes suggests a preference for solutions that enhance operational efficiency and reduce costs, making this an appealing tender for businesses looking to expand in the public sector, especially within the nuclear decommissioning domain.

Find more tenders on our Open Data Platform.
How relevant is this notice?

D3 Tenders Premium

Win More Public Sector Contracts

AI-powered tender discovery, pipeline management, and market intelligence — everything you need to grow your public sector business.

Notice Title

A SAP Governance, Risk and Compliance (GRC) Solution

Notice Description

The scope of this requirement is for a GRC (governance, risk management and compliance) solution for SAP ERP System to help manage compliance and remove/mitigate risks on an ongoing basis. The current process for SAP User Access management, Human Capital Management (HCM) and non-HCM Segregation of Duties (SoD), Emergency Access Management and Role Management are manual paper-based processes managed by BUC's (Business User Controllers) and the SAP Competency Centre. Checking for compliance and segregation of duties is very limited and the business does not have the skills to maintain the matrices at this level on a manual basis due to the complexity of SAP Authorisations.

Lot Information

Lot 1

BACKGROUND -- LANDSCAPE Sellafield has been nearly 80 years in the making. A pioneer for the UK's nuclear industry, it supported national defence, generated electricity for nearly half a century, and developed the ability to safely manage nuclear waste. Each chapter of Sellafield's history delivered great benefit for the country while creating a complex nuclear clean-up challenge for which there are no blueprints. Today, Sellafield covers 6 square kilometres and is home to more than 200 nuclear facilities and the largest inventory of untreated nuclear waste in the world. From cleaning-up the country's highest nuclear risks and hazards to safeguarding nuclear fuel, materials and waste, our mission is nationally important. Our purpose is to keep Sellafield safe and secure, cleaning-up the site to a defined end state. The purpose of this PIN is to understand the capability and capacity of the SAP GRC market. This information will then be used to help determine Sellafield's overall approach and any future acquisition strategy in relation to SAP GRC. Interested parties are requested to provide information on how your Company could provide part or all of the technology required. The tool will enable Sellafield to: - manage regulations and compliance and remove or mitigate any risk in managing key operations. - develop an integrated and centralised approach to GRC which makes the most of automations to ensure that the cost of managing a GRC solution is reduced whilst significantly improving operational effectiveness and value. - demonstrate resilience in managing overall governance, risk management and compliance with regulations, for example, GDPR. Interested parties should refer to the Addition Information section VI.3) in this notice which details the response requirements of this PIN. Additional information: The priority areas are: * Access Request Management * Segregation of Duties * User Access Reviews * User Behaviour Profiling * Role Management * Emergency Access * Licence Optimisation/Compliance * GDPR Compliance * Audit Compliance * Monitoring/Analytics * Future proofing for S/4 HANA for role migration/testing

Publication & Lifecycle

Open Contracting ID
ocds-h6vhtk-0293c3
Publication Source
Find A Tender Service
Latest Notice
https://www.find-tender.service.gov.uk/Notice/003164-2021
Current Stage
Planning
All Stages
Planning

Procurement Classification

Notice Type
Planning Notice
Procurement Type
Standard
Procurement Category
Goods
Procurement Method
Not Specified
Procurement Method Details
Not specified
Tender Suitability
Not specified
Awardee Scale
Not specified

Common Procurement Vocabulary (CPV)

CPV Divisions

48 - Software package and information systems

72 - IT services: consulting, software development, Internet and support


CPV Codes

48000000 - Software package and information systems

72200000 - Software programming and consultancy services

Notice Value(s)

Tender Value
Not specified
Lots Value
Not specified
Awards Value
Not specified
Contracts Value
Not specified

Notice Dates

Publication Date
17 Feb 20215 years ago
Submission Deadline
Not specified
Future Notice Date
1 Apr 2021Expired
Award Date
Not specified
Contract Period
Not specified - Not specified
Recurrence
Not specified

Notice Status

Tender Status
Planned
Lots Status
Planned
Awards Status
Not Specified
Contracts Status
Not Specified

Contracting Authority (Buyer)

Main Buyer
CTM PORTAL FOR THE NDA SHARED SERVICES ALLIANCE
Contact Name
Charlotte Inglesfield
Contact Email
charlotte.inglesfield@sellafieldsites.com
Contact Phone
+44 1946777868

Buyer Location

Locality
SEASCALE
Postcode
CA20 1PG
Post Town
Carlisle
Country
England

Major Region (ITL 1)
TLD North West (England)
Basic Region (ITL 2)
TLD1 Cumbria
Small Region (ITL 3)
TLD13 Cumberland
Delivery Location
TLD North West (England)

Local Authority
Cumberland
Electoral Ward
Gosforth
Westminster Constituency
Whitehaven and Workington

Open Contracting Data Standard (OCDS)

View full OCDS Record for this contracting process

Download

The Open Contracting Data Standard (OCDS) is a framework designed to increase transparency and access to public procurement data in the public sector. It is widely used by governments and organisations worldwide to report on procurement processes and contracts.

{
    "tag": [
        "compiled"
    ],
    "id": "ocds-h6vhtk-0293c3-2021-02-17T10:10:35Z",
    "date": "2021-02-17T10:10:35Z",
    "ocid": "ocds-h6vhtk-0293c3",
    "description": "The scope of this requirement may include but is not limited to the following: to supply and implement an On Premise SAP GRC Tool to deliver the requirements as outlined. The initial scope will be for 10 core users and to also include for an additional 60 licences to cover Emergency Access and Access Request users. The solution must also: * provide an automated Segregation of Duties management tool. The SoD tool must support Sellafield internal controls methodology and must allow cross modular checks * provide an audit trail and reports to support internal and external audits * provide User Behaviour Profiling to authorisation object and transaction keystrokes used to enable re-engineering of roles * perform SoD and GDPR checks on new and existing roles * provide an end to end licence management tool for measurement of compliance, optimisation, licence retirement and recycling * The licence Management tool must include analysis and identification of SAP users that are obsolete, duplicated or wrongly assigned licences * The Licence Management tool must give a consolidated view across all systems - SAP ERP Central Component (ECC), Supplier Relationship Management (SRM) and Business Warehouse (BW). * provide real time audit analytics to enable identification and resolution of audit issues * be intuitive and easy to use whilst providing detailed information to the SME's. * need to support using Active Directory Single Sign-On for SAP in the future. * support the processing of 11,500 Portal users (Employee and Manager Self Service) of which 900 are Back End users Deliverables: The successful Contractor will be required to: * Provide an on premise SAP Governance, Risk and Compliance Solution initially licensed for 10 core users and to also include for an additional 60 licences to cover Emergency Access and Access Request users. * The above solution should include any associated hardware, software, initial set-up/configuration and/or professional services fees * Provide ongoing training, implementation and maintenance support for the solution Interested parties should refer to the Addition Information section VI.3) in this notice which details the response requirements of this PIN. Sellafield is seeking to gather information from suppliers with a capability to provide the services either in part or in whole. If suppliers wish to respond to this notice, please provide the following: 1. Company Name; 2. Contact details, including locations, telephone number, email address, main point of contact and position in company; 3. Details of your company's core skills in relation to the scope outlined in this notice; 4. Provide solutions from your portfolio that will deliver the scope of requirements and value to Sellafield, with an indicative outline of the delivery to scope and associated cost models. Outlining the benefits of each; 5. Case studies from any similar projects (considering the details outlined in section II.3) that your company has completed within a regulated environment in the last 2 years. Please provide your responses to the questions above to the contact person detail in section I.1) of this notice no later than 12pm on 3rd March 2021 . Suppliers to note that Sellafield are proposing to hold a 'Supplier Presentation Session' on 8th March. This will be dependent on the responses received. A response to this PIN does not guarantee any invitation to participate in any future procurement process that Sellafield may conduct. Applicants will be required to participate in a tender process.",
    "initiationType": "tender",
    "tender": {
        "id": "WA02642",
        "legalBasis": {
            "id": "32014L0024",
            "scheme": "CELEX"
        },
        "title": "A SAP Governance, Risk and Compliance (GRC) Solution",
        "status": "planned",
        "classification": {
            "scheme": "CPV",
            "id": "48000000",
            "description": "Software package and information systems"
        },
        "mainProcurementCategory": "goods",
        "description": "The scope of this requirement is for a GRC (governance, risk management and compliance) solution for SAP ERP System to help manage compliance and remove/mitigate risks on an ongoing basis. The current process for SAP User Access management, Human Capital Management (HCM) and non-HCM Segregation of Duties (SoD), Emergency Access Management and Role Management are manual paper-based processes managed by BUC's (Business User Controllers) and the SAP Competency Centre. Checking for compliance and segregation of duties is very limited and the business does not have the skills to maintain the matrices at this level on a manual basis due to the complexity of SAP Authorisations.",
        "lots": [
            {
                "id": "1",
                "description": "BACKGROUND -- LANDSCAPE Sellafield has been nearly 80 years in the making. A pioneer for the UK's nuclear industry, it supported national defence, generated electricity for nearly half a century, and developed the ability to safely manage nuclear waste. Each chapter of Sellafield's history delivered great benefit for the country while creating a complex nuclear clean-up challenge for which there are no blueprints. Today, Sellafield covers 6 square kilometres and is home to more than 200 nuclear facilities and the largest inventory of untreated nuclear waste in the world. From cleaning-up the country's highest nuclear risks and hazards to safeguarding nuclear fuel, materials and waste, our mission is nationally important. Our purpose is to keep Sellafield safe and secure, cleaning-up the site to a defined end state. The purpose of this PIN is to understand the capability and capacity of the SAP GRC market. This information will then be used to help determine Sellafield's overall approach and any future acquisition strategy in relation to SAP GRC. Interested parties are requested to provide information on how your Company could provide part or all of the technology required. The tool will enable Sellafield to: - manage regulations and compliance and remove or mitigate any risk in managing key operations. - develop an integrated and centralised approach to GRC which makes the most of automations to ensure that the cost of managing a GRC solution is reduced whilst significantly improving operational effectiveness and value. - demonstrate resilience in managing overall governance, risk management and compliance with regulations, for example, GDPR. Interested parties should refer to the Addition Information section VI.3) in this notice which details the response requirements of this PIN. Additional information: The priority areas are: * Access Request Management * Segregation of Duties * User Access Reviews * User Behaviour Profiling * Role Management * Emergency Access * Licence Optimisation/Compliance * GDPR Compliance * Audit Compliance * Monitoring/Analytics * Future proofing for S/4 HANA for role migration/testing",
                "status": "planned"
            }
        ],
        "items": [
            {
                "id": "1",
                "additionalClassifications": [
                    {
                        "scheme": "CPV",
                        "id": "72200000",
                        "description": "Software programming and consultancy services"
                    }
                ],
                "deliveryAddresses": [
                    {
                        "region": "UKD"
                    }
                ],
                "relatedLot": "1"
            }
        ],
        "communication": {
            "futureNoticeDate": "2021-04-02T00:00:00+01:00"
        },
        "coveredBy": [
            "GPA"
        ]
    },
    "parties": [
        {
            "id": "GB-FTS-4524",
            "name": "CTM Portal for the NDA Shared Services Alliance",
            "identifier": {
                "legalName": "CTM Portal for the NDA Shared Services Alliance",
                "id": "01002607"
            },
            "address": {
                "streetAddress": "Calder Bridge",
                "locality": "Seascale",
                "region": "UKD",
                "postalCode": "CA20 1PG",
                "countryName": "United Kingdom"
            },
            "contactPoint": {
                "name": "Charlotte Inglesfield",
                "telephone": "+44 1946777868",
                "email": "charlotte.inglesfield@sellafieldsites.com",
                "url": "https://sharedsystems.eu-supply.com/app/rfq/rwlentrance_s.asp?PID=13344&B=SELLAFIELD"
            },
            "roles": [
                "buyer"
            ],
            "details": {
                "url": "https://www.gov.uk/government/case-studies/shared-services-alliance-ssa-for-nuclear-decommissioning-estate",
                "buyerProfile": "https://sharedsystems.eu-supply.com/ctm/Company/CompanyInformation/Index/3510",
                "classifications": [
                    {
                        "scheme": "TED_CA_TYPE",
                        "id": "BODY_PUBLIC",
                        "description": "Body governed by public law"
                    },
                    {
                        "scheme": "COFOG",
                        "description": "Nuclear Decommissioning"
                    }
                ]
            }
        }
    ],
    "buyer": {
        "id": "GB-FTS-4524",
        "name": "CTM Portal for the NDA Shared Services Alliance"
    },
    "language": "en"
}