Notice Information
Notice Title
Governance Risk and Compliance tool
Notice Description
DELTA Access Code :4J4GPFS79V Description The Authority aims to procure a scalable, integrated Governance, Risk and Compliance (GRC) software solution, capable of supporting its organisational growth and any required regulatory obligations. The solution is intended to consolidate risk data from across the Authority into a single platform that strengthens oversight, enhances analysis & reporting, improves operational efficiency, and ensures accountability. A GRC tool may also provide the opportunity to identify data synergies and move away from several systems used across the Authority. Strategic Objectives Integrated View of the Risk and Control Environment A unified cloud-based platform will provide a single source of truth for risks, controls, incidents, actions and metrics. Full traceability will be maintained across taxonomies, business units, policies and key processes, improving framework integration, transparency and decision-making. Data Driven Culture and Analytics The system will enable trend analysis, early warning indicators and data driven insights to support proactive management of current and emerging risks. Operational Efficiency and Improved Ownership An intuitive user experience, default 'outofthebox' configurability, guided workflows and automation will reduce manual effort and embed firstline ownership of risks and controls, while supporting second line oversight and challenge. High Quality Data and Reporting Automated dashboards and configurable reporting to the Microsoft Office suite will streamline internal and external stakeholder reporting, including for senior management, committees and regulators. Assurance and Regulatory Compliance The platform will facilitate compliance with the UK Corporate Governance Code (including Provision 29) and relevant FCA expectations. Evidence trails, compliance monitoring and control testing will support a robust assurance framework. Core Capability Requirements Initial core capability requirements have been identified, with activities still ongoing to define the full scope of requirements and determine the business units which a GRC tool may be implemented into. A full prioritised list of requirements and business units identified as part of ongoing activities, will be incorporated into future specifications. The current core GRC solution must support, but not be limited to the following key modules: Risk & Control Management - Risk and control library - RCSA: inherent/residual assessments, control tiering and assessments, risk acceptances and outoftolerance management - Heat maps, bow ties and risk scoring matrices - Control improvement actions - Endtoend traceability of risk, control and incident data by risk taxonomy, business unit, policy suite, and key processes Control Testing - Structured workflows, evidence capture and reporting to support assurance activities. Data, Reporting & Analytics - Configurable automated reporting - UK Corporate Governance Code Provision 29aligned reporting - Data ingestion from internal and external sources - Use of AIassisted tooling where appropriate Risk Appetite & Key Risk Indicators - Capture, monitoring and reporting of KRIs and risk appetite metrics. Incident Management - Central reporting portal - End to end incident lifecycle management, including automations - Metrics and trend analysis Policy Management - Governance and maintenance of the policy suite - Evidence based assessment of policy effectiveness using risk, control, testing and incident data Regulatory Compliance - Compliance monitoring plan execution - Horizon scanning and analysis of regulatory changes - Impact assessment of external developments on the control environment Ethics & Integrity - Management and reporting of gifts and hospitality, conflicts of interest, personal account dealing and insider lists. Internal Audit - Audit planning and delivery workflows - Action tracking and reporting Non-Core Capabilities While not central to the initial procurement, the system should also be capable of supporting: - Business continuity and resilience - Programme/project risk management - Third party risk management
Lot Information
Lot 1
Renewal: Optional 2 year extension is applicable to this contract
Notice Details
Publication & Lifecycle
- Open Contracting ID
- ocds-h6vhtk-067195
- Publication Source
- Find A Tender Service
- Latest Notice
- https://www.find-tender.service.gov.uk/Notice/047427-2026
- Current Stage
- Tender
- All Stages
- Planning, Tender
Procurement Classification
- Notice Type
- UK4 - Tender Notice
- Procurement Type
- Standard
- Procurement Category
- Services
- Procurement Method
- Open
- Procurement Method Details
- Competitive flexible procedure
- Tender Suitability
- SME, VCSE
- Awardee Scale
- Not specified
Common Procurement Vocabulary (CPV)
- CPV Divisions
72 - IT services: consulting, software development, Internet and support
79 - Business services: law, marketing, consulting, recruitment, printing and security
90 - Sewage, refuse, cleaning and environmental services
-
- CPV Codes
72212170 - Compliance software development services
72212442 - Financial systems software development services
79212110 - Corporate governance rating services
90711100 - Risk or hazard assessment other than for construction
Notice Value(s)
- Tender Value
- £1,100,000 £1M-£10M
- Lots Value
- £1,100,000 £1M-£10M
- Awards Value
- Not specified
- Contracts Value
- Not specified
Notice Dates
- Publication Date
- 21 May 20262 days ago
- Submission Deadline
- 29 May 20265 days to go
- Future Notice Date
- 18 May 2026Expired
- Award Date
- Not specified
- Contract Period
- 5 Oct 2026 - 5 Oct 2032 Over 5 years
- Recurrence
- Not specified
Notice Status
- Tender Status
- Active
- Lots Status
- Active
- Awards Status
- Not Specified
- Contracts Status
- Not Specified
Buyer & Supplier
Contracting Authority (Buyer)
- Main Buyer
- BRITISH BUSINESS BANK PLC
- Contact Name
- Available with D3 Tenders Premium →
- Contact Email
- Available with D3 Tenders Premium →
- Contact Phone
- Available with D3 Tenders Premium →
Buyer Location
- Locality
- SHEFFIELD
- Postcode
- S1 2GQ
- Post Town
- Sheffield
- Country
- England
-
- Major Region (ITL 1)
- TLE Yorkshire and The Humber
- Basic Region (ITL 2)
- TLE3 South Yorkshire
- Small Region (ITL 3)
- TLE32 Sheffield
- Delivery Location
- Not specified
-
- Local Authority
- Sheffield
- Electoral Ward
- City
- Westminster Constituency
- Sheffield Central
Further Information
Notice Documents
-
https://www.find-tender.service.gov.uk/Notice/047427-2026
21st May 2026 - Tender notice on Find a Tender -
https://www.find-tender.service.gov.uk/Notice/047423-2026
21st May 2026 - Tender notice on Find a Tender -
https://www.find-tender.service.gov.uk/Notice/047402-2026
21st May 2026 - Tender notice on Find a Tender -
https://www.find-tender.service.gov.uk/Notice/026336-2026
23rd March 2026 - Planned procurement notice on Find a Tender
Open Contracting Data Standard (OCDS)
View full OCDS Record for this contracting process
The Open Contracting Data Standard (OCDS) is a framework designed to increase transparency and access to public procurement data in the public sector. It is widely used by governments and organisations worldwide to report on procurement processes and contracts.
{
"tag": [
"compiled"
],
"id": "ocds-h6vhtk-067195-2026-05-21T17:57:42+01:00",
"date": "2026-05-21T17:57:42+01:00",
"ocid": "ocds-h6vhtk-067195",
"initiationType": "tender",
"planning": {
"documents": [
{
"id": "026336-2026",
"documentType": "plannedProcurementNotice",
"noticeType": "UK3",
"description": "Planned procurement notice on Find a Tender",
"url": "https://www.find-tender.service.gov.uk/Notice/026336-2026",
"datePublished": "2026-03-23T14:42:09Z",
"format": "text/html"
}
]
},
"parties": [
{
"id": "GB-PPON-PGTM-8337-GYXM",
"name": "British Business Bank Plc",
"identifier": {
"scheme": "GB-PPON",
"id": "PGTM-8337-GYXM"
},
"address": {
"streetAddress": "2, West Street",
"locality": "Sheffield",
"postalCode": "S1 2GQ",
"country": "GB",
"countryName": "United Kingdom",
"region": "UKE32"
},
"contactPoint": {
"name": "Procurement",
"email": "procurement@british-business-bank.co.uk",
"telephone": "01142502892"
},
"roles": [
"buyer"
],
"details": {
"classifications": [
{
"id": "publicAuthorityCentralGovernment",
"scheme": "UK_CA_TYPE",
"description": "Public authority - central government"
}
]
}
}
],
"buyer": {
"id": "GB-PPON-PGTM-8337-GYXM",
"name": "British Business Bank Plc"
},
"tender": {
"id": "ocds-h6vhtk-067195",
"legalBasis": {
"id": "2023/54",
"scheme": "UKPGA",
"uri": "https://www.legislation.gov.uk/ukpga/2023/54/contents"
},
"title": "Governance Risk and Compliance tool",
"description": "DELTA Access Code :4J4GPFS79V Description The Authority aims to procure a scalable, integrated Governance, Risk and Compliance (GRC) software solution, capable of supporting its organisational growth and any required regulatory obligations. The solution is intended to consolidate risk data from across the Authority into a single platform that strengthens oversight, enhances analysis & reporting, improves operational efficiency, and ensures accountability. A GRC tool may also provide the opportunity to identify data synergies and move away from several systems used across the Authority. Strategic Objectives Integrated View of the Risk and Control Environment A unified cloud-based platform will provide a single source of truth for risks, controls, incidents, actions and metrics. Full traceability will be maintained across taxonomies, business units, policies and key processes, improving framework integration, transparency and decision-making. Data Driven Culture and Analytics The system will enable trend analysis, early warning indicators and data driven insights to support proactive management of current and emerging risks. Operational Efficiency and Improved Ownership An intuitive user experience, default 'outofthebox' configurability, guided workflows and automation will reduce manual effort and embed firstline ownership of risks and controls, while supporting second line oversight and challenge. High Quality Data and Reporting Automated dashboards and configurable reporting to the Microsoft Office suite will streamline internal and external stakeholder reporting, including for senior management, committees and regulators. Assurance and Regulatory Compliance The platform will facilitate compliance with the UK Corporate Governance Code (including Provision 29) and relevant FCA expectations. Evidence trails, compliance monitoring and control testing will support a robust assurance framework. Core Capability Requirements Initial core capability requirements have been identified, with activities still ongoing to define the full scope of requirements and determine the business units which a GRC tool may be implemented into. A full prioritised list of requirements and business units identified as part of ongoing activities, will be incorporated into future specifications. The current core GRC solution must support, but not be limited to the following key modules: Risk & Control Management - Risk and control library - RCSA: inherent/residual assessments, control tiering and assessments, risk acceptances and outoftolerance management - Heat maps, bow ties and risk scoring matrices - Control improvement actions - Endtoend traceability of risk, control and incident data by risk taxonomy, business unit, policy suite, and key processes Control Testing - Structured workflows, evidence capture and reporting to support assurance activities. Data, Reporting & Analytics - Configurable automated reporting - UK Corporate Governance Code Provision 29aligned reporting - Data ingestion from internal and external sources - Use of AIassisted tooling where appropriate Risk Appetite & Key Risk Indicators - Capture, monitoring and reporting of KRIs and risk appetite metrics. Incident Management - Central reporting portal - End to end incident lifecycle management, including automations - Metrics and trend analysis Policy Management - Governance and maintenance of the policy suite - Evidence based assessment of policy effectiveness using risk, control, testing and incident data Regulatory Compliance - Compliance monitoring plan execution - Horizon scanning and analysis of regulatory changes - Impact assessment of external developments on the control environment Ethics & Integrity - Management and reporting of gifts and hospitality, conflicts of interest, personal account dealing and insider lists. Internal Audit - Audit planning and delivery workflows - Action tracking and reporting Non-Core Capabilities While not central to the initial procurement, the system should also be capable of supporting: - Business continuity and resilience - Programme/project risk management - Third party risk management",
"status": "active",
"items": [
{
"id": "1",
"additionalClassifications": [
{
"scheme": "CPV",
"id": "72212170",
"description": "Compliance software development services"
},
{
"scheme": "CPV",
"id": "72212442",
"description": "Financial systems software development services"
},
{
"scheme": "CPV",
"id": "79212110",
"description": "Corporate governance rating services"
},
{
"scheme": "CPV",
"id": "90711100",
"description": "Risk or hazard assessment other than for construction"
}
],
"deliveryAddresses": [
{
"region": "UK",
"country": "GB",
"countryName": "United Kingdom"
},
{
"region": "UK",
"country": "GB",
"countryName": "United Kingdom"
},
{
"region": "UK",
"country": "GB",
"countryName": "United Kingdom"
},
{
"region": "UK",
"country": "GB",
"countryName": "United Kingdom"
}
],
"relatedLot": "1"
}
],
"value": {
"amountGross": 1320000,
"amount": 1100000,
"currency": "GBP"
},
"procurementMethod": "open",
"procurementMethodDetails": "Competitive flexible procedure",
"procedure": {
"isAccelerated": true,
"acceleratedRationale": "Qualifying planned procurement notice",
"features": "Procurement Specific Questionnaire Invitation to Participate Proof of Concepts"
},
"mainProcurementCategory": "services",
"specialRegime": [
"concession"
],
"aboveThreshold": true,
"coveredBy": [
"GPA"
],
"submissionMethodDetails": "https://www.delta-esourcing.com/respond/4J4GPFS79V",
"submissionTerms": {
"electronicSubmissionPolicy": "allowed",
"languages": [
"en"
]
},
"expressionOfInterestDeadline": "2026-06-05T12:00:00+01:00",
"enquiryPeriod": {
"endDate": "2026-05-29T12:00:00+01:00"
},
"awardPeriod": {
"endDate": "2026-09-22T23:59:59+01:00"
},
"lots": [
{
"id": "1",
"status": "active",
"value": {
"amountGross": 1320000,
"amount": 1100000,
"currency": "GBP"
},
"awardCriteria": {
"criteria": [
{
"type": "price",
"name": "Commercial Offer",
"numbers": [
{
"number": 35,
"weight": "percentageExact"
}
]
},
{
"type": "quality",
"name": "Quality Criteria",
"numbers": [
{
"number": 65,
"weight": "percentageExact"
}
]
},
{
"type": "price",
"name": "Commercial Offer",
"numbers": [
{
"number": 35,
"weight": "percentageExact"
}
]
},
{
"type": "quality",
"name": "Quality Criteria",
"numbers": [
{
"number": 65,
"weight": "percentageExact"
}
]
},
{
"type": "price",
"name": "Commercial Offer",
"numbers": [
{
"number": 35,
"weight": "percentageExact"
}
]
},
{
"type": "quality",
"name": "Quality Criteria",
"numbers": [
{
"number": 65,
"weight": "percentageExact"
}
]
},
{
"type": "price",
"name": "Commercial Offer",
"numbers": [
{
"number": 35,
"weight": "percentageExact"
}
]
},
{
"type": "quality",
"name": "Quality Criteria",
"numbers": [
{
"number": 65,
"weight": "percentageExact"
}
]
}
]
},
"suitability": {
"sme": true,
"vcse": true
},
"contractPeriod": {
"startDate": "2026-10-06T00:00:00+01:00",
"endDate": "2032-10-05T23:59:59+01:00",
"maxExtentDate": "2034-10-05T23:59:59+01:00"
},
"hasRenewal": true,
"renewal": {
"description": "Optional 2 year extension is applicable to this contract"
}
}
],
"communication": {
"futureNoticeDate": "2026-05-18T23:59:59+01:00"
},
"documents": [
{
"id": "conflictOfInterest",
"documentType": "conflictOfInterest",
"description": "Not published"
},
{
"id": "047402-2026",
"documentType": "tenderNotice",
"noticeType": "UK4",
"description": "Tender notice on Find a Tender",
"url": "https://www.find-tender.service.gov.uk/Notice/047402-2026",
"datePublished": "2026-05-21T17:20:09+01:00",
"format": "text/html"
},
{
"id": "047423-2026",
"documentType": "tenderNotice",
"noticeType": "UK4",
"description": "Tender notice on Find a Tender",
"url": "https://www.find-tender.service.gov.uk/Notice/047423-2026",
"datePublished": "2026-05-21T17:53:03+01:00",
"format": "text/html"
},
{
"id": "047427-2026",
"documentType": "tenderNotice",
"noticeType": "UK4",
"description": "Tender notice on Find a Tender",
"url": "https://www.find-tender.service.gov.uk/Notice/047427-2026",
"datePublished": "2026-05-21T17:57:42+01:00",
"format": "text/html"
}
]
},
"language": "en"
}