Planning

DDaT Enterprise GRC Tooling

NHS BUSINESS SERVICES AUTHORITY

This public procurement record has 1 release in its history.

Planning

06 Mar 2026 at 14:11

Summary of the contracting process

The NHS Business Services Authority, located in Newcastle upon Tyne, is planning a procurement process under the category of IT services and software packages, aimed at implementing Enterprise Governance, Risk, and Compliance (GRC) tooling. This initiative is part of a broader engagement strategy with the procurement currently at the planning stage. The objective is to enhance platform capabilities that support governance activities for the NHS, by moving towards a consolidated, AI-enabled framework to improve real-time visibility and accountability. Interested parties should note that responses to the Request for Information (RFI) need to be submitted by 10th April 2026.

This tender presents an opportunity for businesses specialising in IT services, particularly those versed in GRC platforms, to collaborate with the NHS and contribute to its service improvement goals. Companies capable of delivering AI-driven solutions that improve risk management, compliance and audit activities, and that can scale over time, are likely to be well suited to this procurement process. Given the contract's potential value of £350,000 to £420,000, it is a promising opportunity for small and medium-sized enterprises aiming to grow their footprint within public sector IT ecosystems.


Notice Title

DDaT Enterprise GRC Tooling

Notice Description

The purpose of this Request for Information (RFI) is to conduct market research to identify Governance, Risk and Compliance (GRC) tooling that could support DDaT governance activities. We are seeking information on platforms or tools that enable:
1. Risk Management
2. Audit Management
3. Compliance Management

Planning Information

The NHS Business Services Authority (NHSBSA) is an Arm’s Length Body of the Department of Health and Social Care, responsible for providing platforms and delivering services that support the priorities of the NHS, Government and local health economies. Over £100 billion of NHS spend flows through our systems annually. Our purpose is to deliver business service excellence to the NHS to help people live longer, healthier lives. Our vision is to be the provider of national, at scale business services for the health and social care system, transforming and delivering these services to maximise efficiency and meet customer expectations.

As part of strengthening our governance capability, we are seeking to move beyond fragmented processes and manual reporting towards a dynamic, insight-driven Governance, Risk and Compliance (GRC) environment.

Our ambition is to implement tooling that:
• Provides near real-time visibility across organisational risk, audit, and compliance activities
• Enables clear traceability between risks, controls, compliance obligations, and audit activity
• Records a full history of changes to risks, controls, compliance items, and evidence, maintaining audit trails and version tracking for transparency and accountability
• Supports proactive risk management and assurance, rather than retrospective reporting
• Enables trend analysis and thematic insight across the organisation
• Reduces duplication of effort through control reuse and structured assurance mapping
• Improves accountability through clear ownership, workflow, and approval processes

We are particularly interested in solutions that:
• Treat GRC as an interconnected system rather than isolated processes
• Provide intuitive dashboards suitable for senior leadership and governance reporting
• Enable monitoring of control effectiveness and impact analysis across multiple domains
• Maintain a full historical record of changes to support governance, oversight, and assurance reporting
• Support scalable governance maturity over time

The ambition is not merely to digitise existing processes, but to strengthen decision-making, organisational oversight, and enterprise-wide transparency through structured, connected GRC tooling.

Use of Artificial Intelligence and Automation

We recognise that modern Governance, Risk and Compliance (GRC) platforms increasingly incorporate artificial intelligence (AI), machine learning, and intelligent automation capabilities. As part of this market engagement, we are interested in understanding how AI-enabled functionality could enhance:
• Risk identification and trend detection
• Predictive risk analysis and early warning indicators
• Automated control monitoring and anomaly detection
• Intelligent workflow routing and prioritisation
• Evidence reviews and document classification
• Thematic analysis across audit findings, risks and compliance data
• Reduction of manual administrative burden

Any AI capability should:
• Be transparent and explainable in its outputs
• Support human oversight and governance decision-making
• Operate within appropriate data protection, security and ethical boundaries
• Clearly describe model training sources and data usage (where applicable)

We are seeking insight into both current AI functionality and planned roadmap developments.

Please download the documentation and send your response to this RFI via the Atamis portal (https://atamis-1928.my.site.com/s/Welcome).

Publication & Lifecycle

Open Contracting ID
ocds-h6vhtk-066447
Publication Source
Find A Tender Service
Latest Notice
https://www.find-tender.service.gov.uk/Notice/020446-2026
Current Stage
Planning
All Stages
Planning

Procurement Classification

Notice Type
UK2 - Preliminary Market Engagement Notice
Procurement Type
Standard
Procurement Category
Services
Procurement Method
Not Specified
Procurement Method Details
Not specified
Tender Suitability
SME
Awardee Scale
Not specified

Common Procurement Vocabulary (CPV)

CPV Divisions

48 - Software package and information systems

72 - IT services: consulting, software development, Internet and support


CPV Codes

48517000 - IT software package

72000000 - IT services: consulting, software development, Internet and support

Notice Value(s)

Tender Value
£350,000 (£100K-£500K)
Lots Value
Not specified
Awards Value
Not specified
Contracts Value
Not specified

Notice Dates

Publication Date
6 Mar 2026
Submission Deadline
Not specified
Future Notice Date
10 Apr 2026
Award Date
Not specified
Contract Period
30 Sep 2026 - 30 Sep 2028 (2-3 years)
Recurrence
Not specified

Notice Status

Tender Status
Planning
Lots Status
Planning
Awards Status
Not Specified
Contracts Status
Not Specified

Contracting Authority (Buyer)

Main Buyer
NHS BUSINESS SERVICES AUTHORITY

Buyer Location

Locality
NEWCASTLE UPON TYNE
Postcode
NE15 8NY
Post Town
Newcastle upon Tyne
Country
England

Major Region (ITL 1)
TLC North East (England)
Basic Region (ITL 2)
TLC4 Northumberland, Durham and Tyne & Wear
Small Region (ITL 3)
TLC43 Tyneside
Delivery Location
Not specified

Local Authority
Newcastle upon Tyne
Electoral Ward
Lemington
Westminster Constituency
Newcastle upon Tyne Central and West

Further Information

Open Contracting Data Standard (OCDS)

The Open Contracting Data Standard (OCDS) is a framework designed to increase transparency and access to public procurement data in the public sector. It is widely used by governments and organisations worldwide to report on procurement processes and contracts.

{
    "tag": [
        "compiled"
    ],
    "id": "ocds-h6vhtk-066447-2026-03-06T14:11:18Z",
    "date": "2026-03-06T14:11:18Z",
    "ocid": "ocds-h6vhtk-066447",
    "initiationType": "tender",
    "parties": [
        {
            "id": "GB-PPON-PRLZ-1599-JGTT",
            "name": "NHS Business Services Authority",
            "identifier": {
                "scheme": "GB-PPON",
                "id": "PRLZ-1599-JGTT"
            },
            "address": {
                "streetAddress": "Stella House, Goldcrest Way, Newburn Riverside",
                "locality": "Newcastle upon Tyne",
                "postalCode": "NE15 8NY",
                "country": "GB",
                "countryName": "United Kingdom",
                "region": "UKC22"
            },
            "contactPoint": {
                "email": "nhsbsa.commercialservicesteam@nhsbsa.nhs.uk"
            },
            "roles": [
                "buyer"
            ],
            "details": {
                "url": "https://www.nhsbsa.nhs.uk/",
                "classifications": [
                    {
                        "id": "publicAuthorityCentralGovernment",
                        "scheme": "UK_CA_TYPE",
                        "description": "Public authority - central government"
                    }
                ]
            }
        }
    ],
    "buyer": {
        "id": "GB-PPON-PRLZ-1599-JGTT",
        "name": "NHS Business Services Authority"
    },
    "planning": {
        "milestones": [
            {
                "id": "engagement",
                "type": "engagement",
                "description": "The NHS Business Services Authority (NHSBSA) is an Arm's Length Body of the Department of Health and Social Care, responsible for providing platforms and delivering services that support the priorities of the NHS, Government and local health economies. Over £100 billion of NHS spend flows through our systems annually. Our purpose is to deliver business service excellence to the NHS to help people live longer, healthier lives. Our vision is to be the provider of national, at scale business services for the health and social care system, transforming and delivering these services to maximise efficiency and meet customer expectations. As part of strengthening our governance capability, we are seeking to move beyond fragmented processes and manual reporting towards a dynamic, insight-driven Governance, Risk and Compliance (GRC) environment. Our ambition is to implement tooling that: * Provides near real-time visibility across organisational risk, audit, and compliance activities * Enables clear traceability between risks, controls, compliance obligations, and audit activity * Records a full history of changes to risks, controls, compliance items, and evidence, maintaining audit trails and version tracking for transparency and accountability * Supports proactive risk management and assurance, rather than retrospective reporting * Enables trend analysis and thematic insight across the organisation * Reduces duplication of effort through control reuse and structured assurance mapping * Improves accountability through clear ownership, workflow, and approval processes We are particularly interested in solutions that: * Treat GRC as an interconnected system rather than isolated processes * Provide intuitive dashboards suitable for senior leadership and governance reporting * Enable monitoring of control effectiveness and impact analysis across multiple domains * Maintain a full historical record of changes to support governance, oversight, and assurance reporting * Support scalable governance maturity over time The ambition is not merely to digitise existing processes, but to strengthen decision-making, organisational oversight, and enterprise-wide transparency through structured, connected GRC tooling. Use of Artificial Intelligence and Automation We recognise that modern Governance, Risk and Compliance (GRC) platforms increasingly incorporate artificial intelligence (AI), machine learning, and intelligent automation capabilities. As part of this market engagement, we are interested in understanding how AI-enabled functionality could enhance: * Risk identification and trend detection * Predictive risk analysis and early warning indicators * Automated control monitoring and anomaly detection * Intelligent workflow routing and prioritisation * Evidence reviews and document classification * Thematic analysis across audit findings, risks and compliance data * Reduction of manual administrative burden Any AI capability should: * Be transparent and explainable in its outputs * Support human oversight and governance decision-making * Operate within appropriate data protection, security and ethical boundaries * Clearly describe model training sources and data usage (where applicable) We are seeking insight into both current AI functionality and planned roadmap developments. Please download the documentation and send your response to this RFI via the Atamis portal ( https://atamis-1928.my.site.com/s/Welcome).",
                "dueDate": "2026-04-10T23:59:59+01:00",
                "status": "scheduled"
            }
        ],
        "documents": [
            {
                "id": "020446-2026",
                "documentType": "marketEngagementNotice",
                "noticeType": "UK2",
                "description": "Preliminary market engagement notice on Find a Tender",
                "url": "https://www.find-tender.service.gov.uk/Notice/020446-2026",
                "datePublished": "2026-03-06T14:11:18Z",
                "format": "text/html"
            }
        ]
    },
    "tender": {
        "id": "C429685",
        "legalBasis": {
            "id": "2023/54",
            "scheme": "UKPGA",
            "uri": "https://www.legislation.gov.uk/ukpga/2023/54/contents"
        },
        "title": "DDaT Enterprise GRC Tooling",
        "description": "The purpose of this Request for Information (RFI) is to conduct market research to identify Governance, Risk and Compliance (GRC) tooling that could support DDaT governance activities. We are seeking information on platforms or tools that enable: 1. Risk Management 2. Audit Management 3. Compliance Management",
        "items": [
            {
                "id": "1",
                "additionalClassifications": [
                    {
                        "scheme": "CPV",
                        "id": "48517000",
                        "description": "IT software package"
                    },
                    {
                        "scheme": "CPV",
                        "id": "72000000",
                        "description": "IT services: consulting, software development, Internet and support"
                    }
                ],
                "relatedLot": "1"
            }
        ],
        "value": {
            "amountGross": 420000,
            "amount": 350000,
            "currency": "GBP"
        },
        "mainProcurementCategory": "services",
        "aboveThreshold": true,
        "lots": [
            {
                "id": "1",
                "suitability": {
                    "sme": true
                },
                "contractPeriod": {
                    "startDate": "2026-10-01T00:00:00+01:00",
                    "endDate": "2028-09-30T23:59:59+01:00"
                },
                "status": "planning"
            }
        ],
        "status": "planning"
    },
    "language": "en"
}