Tender

Provision of a Governance Risk Compliance Tool

FOREIGN COMMONWEALTH AND DEVELOPMENT OFFICE

This public procurement record has 1 release in its history.

Planning

19 Apr 2022 at 15:02

Planning Notice
Summary of the contracting process

The Foreign Commonwealth and Development Office (FCDO) is initiating a procurement process titled "Provision of a Governance Risk Compliance Tool," aimed at enhancing information security risk management. This tender falls under the goods category, specifically concerning security software packages, and is based in the UK. Currently in the planning and tender stages, the deadline for expressing interest in participating in this opportunity is set for 10 May 2022. The process follows a selective procurement method characterised as a restricted procedure, allowing for a focused selection of qualified suppliers.

This opportunity is poised to foster business growth particularly for companies specialising in security software solutions and compliance tools. Participants will need to demonstrate a minimum viable product and address both functional and non-functional requirements that cater to the FCDO's information security needs. Businesses with capabilities in providing comprehensive training and ongoing support are well-suited for this tender, which not only enhances operational efficiency for the FCDO but also creates a platform for successful bidders to expand their market presence in public sector contracts.

Find more tenders on our Open Data Platform.
How relevant is this notice?

D3 Tenders Premium

Win More Public Sector Contracts

AI-powered tender discovery, pipeline management, and market intelligence — everything you need to grow your public sector business.

Start Free Trial Book a Demo
All Features Pricing

Notice Information

Notice Title

Provision of a Governance Risk Compliance Tool

Notice Description

FCDO are looking to a third party to introduce and implement a new GRC tool to be used by ICSU for information security risk management and assurance activities. The tool will be used to record all risks above risk appetite, track actions and communicate with risk owners and action owners. The tool will be used to record all FCDOs systems and services, their assurance status, outstanding tasks and send reminders to users for system reviews. Functional requirements (for the tool) * Centrally capture information security risks, security vulnerabilities, audit findings, regulatory obligations and other issues across technology infrastructure * Centrally capture a set of IT systems and services and their assurance status * A mechanism for reporting to colleagues as well as up to board level * Up to 50 users (but should be scalable) with varying access requirements (e.g. those reviewing risks, those reviewing assurance) Non-functional * Tool platform should be subject to a recognised security certification (ISO/IEC 27001:2013 / Cyber Essentials or equivalent) * Minimum of SC clearance for all individuals accessing sensitive FCDO information and data * Tool vendor must have an annual IT Health Check performed by a certified CHECK company * Support multi-factor authentication and single sign on * Compliant with data protection legislation * Documented threat management processes and tools * Ability to integrate with FCDO incident management processes and procedures * Follows NCSC good cloud security principles and guidance (https://www.ncsc.gov.uk/collection/cloud-security) * Named UK data centre, with all processing capability and call centre support within UK and EU * Return To Operation (RTO) time should be no more than 24 hours and Return Point Objectives (RPO) time no more than 1 hour Implementation & Training * Bidders will be asked to demonstrate a minimum viable product (MVP) as part of any procurement and be potentially able to deploy into a live environment within 3 months of contract * Throughout implementation, the tool platform should be tailored as appropriate for the business needs of the FCDO * Capability to supply end-to-end training on the tool platform, including train the trainer and comprehensive documentation Maintenance, support, system updates * Provide support for end users * Ensure the platform is kept up-to-date, patching should be maintained at N-1

Lot Information

Lot 1

Detail provided in section II.1.4 is not an exhaustive list of requirements. The Authority requests notes of interest in a potential procurement exercise within fifteen (15) working days of the publication of this notice. At the expiry of this deadline, the Authority will commence pre-tender engagement with interested suppliers, which may involve, but will not be limited to; disclosure of the work in progress requirement set, demonstration of supplier offerings and review of potential contractual arrangements.

Notice Details

Publication & Lifecycle

Open Contracting ID
ocds-h6vhtk-032e86
Publication Source
Find A Tender Service
Latest Notice
https://www.find-tender.service.gov.uk/Notice/010218-2022
Current Stage
Tender
All Stages
Planning, Tender

Procurement Classification

Notice Type
Planning Notice
Procurement Type
Standard
Procurement Category
Goods
Procurement Method
Selective
Procurement Method Details
Restricted procedure
Tender Suitability
Not specified
Awardee Scale
Not specified

Common Procurement Vocabulary (CPV)

CPV Divisions

48 - Software package and information systems

CPV Codes

48730000 - Security software package

Notice Value(s)

Tender Value
Not specified
Lots Value
Not specified
Awards Value
Not specified
Contracts Value
Not specified

Notice Dates

Publication Date
19 Apr 20223 years ago
Submission Deadline
10 May 2022Expired
Future Notice Date
Not specified
Award Date
Not specified
Contract Period
Not specified - Not specified
Recurrence
Not specified

Notice Status

Tender Status
Active
Lots Status
Active
Awards Status
Not Specified
Contracts Status
Not Specified

Buyer & Supplier

Contracting Authority (Buyer)

Main Buyer
FOREIGN COMMONWEALTH AND DEVELOPMENT OFFICE
Contact Name
Not specified
Contact Email
ict.commercial@fco.gov.uk
Contact Phone
+44 2070080932

Buyer Location

Locality
LONDON
Postcode
SW1A 2AH
Post Town
South West London
Country
England
Major Region (ITL 1)
TLI London
Basic Region (ITL 2)
TLI3 Inner London - West
Small Region (ITL 3)
TLI35 Westminster and City of London
Delivery Location
Not specified
Local Authority
Westminster
Electoral Ward
St James's
Westminster Constituency
Cities of London and Westminster

Further Information

Open Contracting Data Standard (OCDS)

View full OCDS Record for this contracting process

Download

The Open Contracting Data Standard (OCDS) is a framework designed to increase transparency and access to public procurement data in the public sector. It is widely used by governments and organisations worldwide to report on procurement processes and contracts. 

{
    "tag": [
        "compiled"
    ],
    "id": "ocds-h6vhtk-032e86-2022-04-19T16:02:53+01:00",
    "date": "2022-04-19T16:02:53+01:00",
    "ocid": "ocds-h6vhtk-032e86",
    "description": "This notice is for information only. The Contracting Authority may or may not subsequently publish a formal contract opportunity notice in the future. The Contracting Authority may, without prejudice, use feedback from the responses and demos to help inform the development of the potential requirement.",
    "initiationType": "tender",
    "tender": {
        "id": "CPG/7899/2022",
        "legalBasis": {
            "id": "32014L0024",
            "scheme": "CELEX"
        },
        "title": "Provision of a Governance Risk Compliance Tool",
        "status": "active",
        "classification": {
            "scheme": "CPV",
            "id": "48730000",
            "description": "Security software package"
        },
        "mainProcurementCategory": "goods",
        "description": "FCDO are looking to a third party to introduce and implement a new GRC tool to be used by ICSU for information security risk management and assurance activities. The tool will be used to record all risks above risk appetite, track actions and communicate with risk owners and action owners. The tool will be used to record all FCDOs systems and services, their assurance status, outstanding tasks and send reminders to users for system reviews. Functional requirements (for the tool) * Centrally capture information security risks, security vulnerabilities, audit findings, regulatory obligations and other issues across technology infrastructure * Centrally capture a set of IT systems and services and their assurance status * A mechanism for reporting to colleagues as well as up to board level * Up to 50 users (but should be scalable) with varying access requirements (e.g. those reviewing risks, those reviewing assurance) Non-functional * Tool platform should be subject to a recognised security certification (ISO/IEC 27001:2013 / Cyber Essentials or equivalent) * Minimum of SC clearance for all individuals accessing sensitive FCDO information and data * Tool vendor must have an annual IT Health Check performed by a certified CHECK company * Support multi-factor authentication and single sign on * Compliant with data protection legislation * Documented threat management processes and tools * Ability to integrate with FCDO incident management processes and procedures * Follows NCSC good cloud security principles and guidance (https://www.ncsc.gov.uk/collection/cloud-security) * Named UK data centre, with all processing capability and call centre support within UK and EU * Return To Operation (RTO) time should be no more than 24 hours and Return Point Objectives (RPO) time no more than 1 hour Implementation & Training * Bidders will be asked to demonstrate a minimum viable product (MVP) as part of any procurement and be potentially able to deploy into a live environment within 3 months of contract * Throughout implementation, the tool platform should be tailored as appropriate for the business needs of the FCDO * Capability to supply end-to-end training on the tool platform, including train the trainer and comprehensive documentation Maintenance, support, system updates * Provide support for end users * Ensure the platform is kept up-to-date, patching should be maintained at N-1",
        "lots": [
            {
                "id": "1",
                "description": "Detail provided in section II.1.4 is not an exhaustive list of requirements. The Authority requests notes of interest in a potential procurement exercise within fifteen (15) working days of the publication of this notice. At the expiry of this deadline, the Authority will commence pre-tender engagement with interested suppliers, which may involve, but will not be limited to; disclosure of the work in progress requirement set, demonstration of supplier offerings and review of potential contractual arrangements.",
                "status": "active"
            }
        ],
        "items": [
            {
                "id": "1",
                "additionalClassifications": [
                    {
                        "scheme": "CPV",
                        "id": "48730000",
                        "description": "Security software package"
                    }
                ],
                "deliveryAddresses": [
                    {
                        "region": "UK"
                    }
                ],
                "relatedLot": "1"
            }
        ],
        "participationFees": [
            {
                "id": "1",
                "type": [
                    "document"
                ]
            }
        ],
        "submissionMethod": [
            "electronicSubmission",
            "written"
        ],
        "submissionMethodDetails": "https://www.gov.uk/government/organisations/foreign-commonwealth-development-office",
        "procurementMethod": "selective",
        "procurementMethodDetails": "Restricted procedure",
        "coveredBy": [
            "GPA"
        ],
        "tenderPeriod": {
            "endDate": "2022-05-10T17:00:00+01:00"
        },
        "submissionTerms": {
            "languages": [
                "en"
            ]
        }
    },
    "parties": [
        {
            "id": "GB-FTS-131",
            "name": "Foreign Commonwealth and Development Office",
            "identifier": {
                "legalName": "Foreign Commonwealth and Development Office"
            },
            "address": {
                "streetAddress": "King Charles Street",
                "locality": "London",
                "region": "UK",
                "postalCode": "SW1A 2AH",
                "countryName": "United Kingdom"
            },
            "contactPoint": {
                "telephone": "+44 2070080932",
                "email": "ict.commercial@fco.gov.uk"
            },
            "roles": [
                "buyer",
                "centralPurchasingBody"
            ],
            "details": {
                "url": "https://www.gov.uk/government/organisations/foreign-commonwealth-development-office",
                "classifications": [
                    {
                        "scheme": "TED_CA_TYPE",
                        "id": "MINISTRY",
                        "description": "Ministry or any other national or federal authority, including their regional or local subdivisions"
                    },
                    {
                        "scheme": "COFOG",
                        "id": "01",
                        "description": "General public services"
                    }
                ]
            }
        },
        {
            "id": "GB-FTS-38161",
            "name": "High Royal courts of Justice",
            "identifier": {
                "legalName": "High Royal courts of Justice"
            },
            "address": {
                "locality": "London",
                "countryName": "United Kingdom"
            },
            "roles": [
                "reviewBody"
            ]
        }
    ],
    "buyer": {
        "id": "GB-FTS-131",
        "name": "Foreign Commonwealth and Development Office"
    },
    "language": "en"
}