Planning

Governance Risk and Compliance tool

BRITISH BUSINESS BANK PLC

This public procurement record has 1 release in its history.

Planning

23 Mar 2026 at 14:42

UK3 - Planned Procurement Notice
Summary of the contracting process

The British Business Bank Plc, a central government public authority based in Sheffield, is in the planning stage of procuring a Governance Risk and Compliance (GRC) tool. This scalable and integrated software solution aims to strengthen organisational growth and regulatory compliance by consolidating risk data into a unified platform. Notable dates include the expression of interest deadline on 29th June 2026 and the enquiry period ending on 26th June 2026. The procurement method is an open competitive flexible procedure, featuring invitations to participate and tender, with proof of concepts expected. The contract, valued at £1,320,000 gross, will run from 31st October 2026 to 31st October 2032, with a potential two-year extension.

This procurement opportunity can foster significant business growth, particularly for enterprises experienced in compliance software development services, financial systems software, and corporate governance rating services. Small and medium-sized enterprises (SMEs) and voluntary, community and social enterprises (VCSEs) are particularly encouraged to respond, given the suitability criteria. With the opportunity to develop an intuitive platform driven by data analytics and operational efficiency, businesses can expand their offerings into high-value government projects. The competitive weighting of 65% on quality criteria alongside 35% on the commercial offer indicates a favourable environment for businesses prioritising innovation and user experience in compliance software solutions.

Find more tenders on our Open Data Platform.
How relevant is this notice?

Notice Information

Notice Title

Governance Risk and Compliance tool

Notice Description

Description The Authority aims to procure a scalable, integrated Governance, Risk and Compliance (GRC) software solution, capable of supporting its organisational growth and any required regulatory obligations. The solution is intended to consolidate risk data from across the Authority into a single platform that strengthens oversight, enhances analysis & reporting, improves operational efficiency, and ensures accountability. A GRC tool may also provide the opportunity to identify data synergies and move away from several systems used across the Authority. Strategic Objectives Integrated View of the Risk and Control Environment A unified cloud-based platform will provide a single source of truth for risks, controls, incidents, actions and metrics. Full traceability will be maintained across taxonomies, business units, policies and key processes, improving framework integration, transparency and decision-making. Data Driven Culture and Analytics The system will enable trend analysis, early warning indicators and data driven insights to support proactive management of current and emerging risks. Operational Efficiency and Improved Ownership An intuitive user experience, default 'outofthebox' configurability, guided workflows and automation will reduce manual effort and embed firstline ownership of risks and controls, while supporting second line oversight and challenge. High Quality Data and Reporting Automated dashboards and configurable reporting to the Microsoft Office suite will streamline internal and external stakeholder reporting, including for senior management, committees and regulators. Assurance and Regulatory Compliance The platform will facilitate compliance with the UK Corporate Governance Code (including Provision 29) and relevant FCA expectations. Evidence trails, compliance monitoring and control testing will support a robust assurance framework. Core Capability Requirements Initial core capability requirements have been identified, with activities still ongoing to define the full scope of requirements and determine the business units which a GRC tool may be implemented into. A full prioritised list of requirements and business units identified as part of ongoing activities, will be incorporated into future specifications. The current core GRC solution must support, but not be limited to the following key modules: Risk & Control Management - Risk and control library - RCSA: inherent/residual assessments, control tiering and assessments, risk acceptances and outoftolerance management - Heat maps, bow ties and risk scoring matrices - Control improvement actions - Endtoend traceability of risk, control and incident data by risk taxonomy, business unit, policy suite, and key processes Control Testing - Structured workflows, evidence capture and reporting to support assurance activities. Data, Reporting & Analytics - Configurable automated reporting - UK Corporate Governance Code Provision 29aligned reporting - Data ingestion from internal and external sources - Use of AIassisted tooling where appropriate Risk Appetite & Key Risk Indicators - Capture, monitoring and reporting of KRIs and risk appetite metrics. Incident Management - Central reporting portal - End to end incident lifecycle management, including automations - Metrics and trend analysis Policy Management - Governance and maintenance of the policy suite - Evidence based assessment of policy effectiveness using risk, control, testing and incident data Regulatory Compliance - Compliance monitoring plan execution - Horizon scanning and analysis of regulatory changes - Impact assessment of external developments on the control environment Ethics & Integrity - Management and reporting of gifts and hospitality, conflicts of interest, personal account dealing and insider lists. Internal Audit - Audit planning and delivery workflows - Action tracking and reporting Non-Core Capabilities While not central to the initial procurement, the system should also be capable of supporting: - Business continuity and resilience - Programme/project risk management - Third party risk management For more information about this opportunity, please visit the Delta eSourcing portal at: https://www.delta-esourcing.com/tenders/UK-UK-Sheffield:-Compliance-software-development-services./7P8D4R6M38 To respond to this opportunity, please click here: https://www.delta-esourcing.com/respond/7P8D4R6M38

Lot Information

Lot 1

Renewal: Optional 2 year extension is applicable to this contract

Notice Details

Publication & Lifecycle

Open Contracting ID
ocds-h6vhtk-067195
Publication Source
Find A Tender Service
Latest Notice
https://www.find-tender.service.gov.uk/Notice/026336-2026
Current Stage
Planning
All Stages
Planning

Procurement Classification

Notice Type
UK3 - Planned Procurement Notice
Procurement Type
Standard
Procurement Category
Services
Procurement Method
Open
Procurement Method Details
Competitive flexible procedure
Tender Suitability
SME, VCSE
Awardee Scale
Not specified

Common Procurement Vocabulary (CPV)

CPV Divisions

72 - IT services: consulting, software development, Internet and support

79 - Business services: law, marketing, consulting, recruitment, printing and security

90 - Sewage, refuse, cleaning and environmental services

CPV Codes

72212170 - Compliance software development services

72212442 - Financial systems software development services

79212110 - Corporate governance rating services

90711100 - Risk or hazard assessment other than for construction

Notice Value(s)

Tender Value
£1,100,000 £1M-£10M
Lots Value
£1,100,000 £1M-£10M
Awards Value
Not specified
Contracts Value
Not specified

Notice Dates

Publication Date
23 Mar 20261 weeks ago
Submission Deadline
26 Jun 20263 months to go
Future Notice Date
18 May 20262 months to go
Award Date
Not specified
Contract Period
31 Oct 2026 - 31 Oct 2032 Over 5 years
Recurrence
Not specified

Notice Status

Tender Status
Planned
Lots Status
Planned
Awards Status
Not Specified
Contracts Status
Not Specified

Buyer & Supplier

Contracting Authority (Buyer)

Main Buyer
BRITISH BUSINESS BANK PLC
Contact Name
Available with D3 Tenders Premium →
Contact Email
Available with D3 Tenders Premium →
Contact Phone
Available with D3 Tenders Premium →

Buyer Location

Locality
SHEFFIELD
Postcode
S1 2GQ
Post Town
Sheffield
Country
England
Major Region (ITL 1)
TLE Yorkshire and The Humber
Basic Region (ITL 2)
TLE3 South Yorkshire
Small Region (ITL 3)
TLE32 Sheffield
Delivery Location
Not specified
Local Authority
Sheffield
Electoral Ward
City
Westminster Constituency
Sheffield Central

Further Information

Notice Documents

Open Contracting Data Standard (OCDS)

View full OCDS Record for this contracting process

Download

The Open Contracting Data Standard (OCDS) is a framework designed to increase transparency and access to public procurement data in the public sector. It is widely used by governments and organisations worldwide to report on procurement processes and contracts. 

{
    "tag": [
        "compiled"
    ],
    "id": "ocds-h6vhtk-067195-2026-03-23T14:42:09Z",
    "date": "2026-03-23T14:42:09Z",
    "ocid": "ocds-h6vhtk-067195",
    "initiationType": "tender",
    "planning": {
        "documents": [
            {
                "id": "026336-2026",
                "documentType": "plannedProcurementNotice",
                "noticeType": "UK3",
                "description": "Planned procurement notice on Find a Tender",
                "url": "https://www.find-tender.service.gov.uk/Notice/026336-2026",
                "datePublished": "2026-03-23T14:42:09Z",
                "format": "text/html"
            }
        ]
    },
    "parties": [
        {
            "id": "GB-PPON-PGTM-8337-GYXM",
            "name": "British Business Bank Plc",
            "identifier": {
                "scheme": "GB-PPON",
                "id": "PGTM-8337-GYXM"
            },
            "address": {
                "streetAddress": "2, West Street",
                "locality": "Sheffield",
                "postalCode": "S1 2GQ",
                "country": "GB",
                "countryName": "United Kingdom",
                "region": "UKE32"
            },
            "contactPoint": {
                "name": "Procurement",
                "email": "procurement@british-business-bank.co.uk",
                "telephone": "01142502892"
            },
            "roles": [
                "buyer"
            ],
            "details": {
                "classifications": [
                    {
                        "id": "publicAuthorityCentralGovernment",
                        "scheme": "UK_CA_TYPE",
                        "description": "Public authority - central government"
                    }
                ]
            }
        }
    ],
    "buyer": {
        "id": "GB-PPON-PGTM-8337-GYXM",
        "name": "British Business Bank Plc"
    },
    "tender": {
        "id": "ocds-h6vhtk-067195",
        "legalBasis": {
            "id": "2023/54",
            "scheme": "UKPGA",
            "uri": "https://www.legislation.gov.uk/ukpga/2023/54/contents"
        },
        "title": "Governance Risk and Compliance tool",
        "description": "Description The Authority aims to procure a scalable, integrated Governance, Risk and Compliance (GRC) software solution, capable of supporting its organisational growth and any required regulatory obligations. The solution is intended to consolidate risk data from across the Authority into a single platform that strengthens oversight, enhances analysis & reporting, improves operational efficiency, and ensures accountability. A GRC tool may also provide the opportunity to identify data synergies and move away from several systems used across the Authority. Strategic Objectives Integrated View of the Risk and Control Environment A unified cloud-based platform will provide a single source of truth for risks, controls, incidents, actions and metrics. Full traceability will be maintained across taxonomies, business units, policies and key processes, improving framework integration, transparency and decision-making. Data Driven Culture and Analytics The system will enable trend analysis, early warning indicators and data driven insights to support proactive management of current and emerging risks. Operational Efficiency and Improved Ownership An intuitive user experience, default 'outofthebox' configurability, guided workflows and automation will reduce manual effort and embed firstline ownership of risks and controls, while supporting second line oversight and challenge. High Quality Data and Reporting Automated dashboards and configurable reporting to the Microsoft Office suite will streamline internal and external stakeholder reporting, including for senior management, committees and regulators. Assurance and Regulatory Compliance The platform will facilitate compliance with the UK Corporate Governance Code (including Provision 29) and relevant FCA expectations. Evidence trails, compliance monitoring and control testing will support a robust assurance framework. Core Capability Requirements Initial core capability requirements have been identified, with activities still ongoing to define the full scope of requirements and determine the business units which a GRC tool may be implemented into. A full prioritised list of requirements and business units identified as part of ongoing activities, will be incorporated into future specifications. The current core GRC solution must support, but not be limited to the following key modules: Risk & Control Management - Risk and control library - RCSA: inherent/residual assessments, control tiering and assessments, risk acceptances and outoftolerance management - Heat maps, bow ties and risk scoring matrices - Control improvement actions - Endtoend traceability of risk, control and incident data by risk taxonomy, business unit, policy suite, and key processes Control Testing - Structured workflows, evidence capture and reporting to support assurance activities. Data, Reporting & Analytics - Configurable automated reporting - UK Corporate Governance Code Provision 29aligned reporting - Data ingestion from internal and external sources - Use of AIassisted tooling where appropriate Risk Appetite & Key Risk Indicators - Capture, monitoring and reporting of KRIs and risk appetite metrics. Incident Management - Central reporting portal - End to end incident lifecycle management, including automations - Metrics and trend analysis Policy Management - Governance and maintenance of the policy suite - Evidence based assessment of policy effectiveness using risk, control, testing and incident data Regulatory Compliance - Compliance monitoring plan execution - Horizon scanning and analysis of regulatory changes - Impact assessment of external developments on the control environment Ethics & Integrity - Management and reporting of gifts and hospitality, conflicts of interest, personal account dealing and insider lists. Internal Audit - Audit planning and delivery workflows - Action tracking and reporting Non-Core Capabilities While not central to the initial procurement, the system should also be capable of supporting: - Business continuity and resilience - Programme/project risk management - Third party risk management For more information about this opportunity, please visit the Delta eSourcing portal at: https://www.delta-esourcing.com/tenders/UK-UK-Sheffield:-Compliance-software-development-services./7P8D4R6M38 To respond to this opportunity, please click here: https://www.delta-esourcing.com/respond/7P8D4R6M38",
        "status": "planned",
        "items": [
            {
                "id": "1",
                "additionalClassifications": [
                    {
                        "scheme": "CPV",
                        "id": "72212170",
                        "description": "Compliance software development services"
                    },
                    {
                        "scheme": "CPV",
                        "id": "72212442",
                        "description": "Financial systems software development services"
                    },
                    {
                        "scheme": "CPV",
                        "id": "79212110",
                        "description": "Corporate governance rating services"
                    },
                    {
                        "scheme": "CPV",
                        "id": "90711100",
                        "description": "Risk or hazard assessment other than for construction"
                    }
                ],
                "deliveryAddresses": [
                    {
                        "region": "UK",
                        "country": "GB",
                        "countryName": "United Kingdom"
                    }
                ],
                "relatedLot": "1"
            }
        ],
        "value": {
            "amountGross": 1320000,
            "amount": 1100000,
            "currency": "GBP"
        },
        "procurementMethod": "open",
        "procurementMethodDetails": "Competitive flexible procedure",
        "procedure": {
            "isAccelerated": true,
            "acceleratedRationale": "Qualifying planned procurement notice",
            "features": "Invitation to Participate Invitation to Tender Proof of Concepts"
        },
        "mainProcurementCategory": "services",
        "specialRegime": [
            "concession"
        ],
        "aboveThreshold": true,
        "coveredBy": [
            "GPA"
        ],
        "submissionMethodDetails": "https://www.delta-esourcing.com",
        "submissionTerms": {
            "electronicSubmissionPolicy": "allowed",
            "languages": [
                "en"
            ]
        },
        "expressionOfInterestDeadline": "2026-06-29T12:00:00+01:00",
        "enquiryPeriod": {
            "endDate": "2026-06-26T12:00:00+01:00"
        },
        "awardPeriod": {
            "endDate": "2026-09-22T23:59:59+01:00"
        },
        "lots": [
            {
                "id": "1",
                "status": "planned",
                "value": {
                    "amountGross": 1320000,
                    "amount": 1100000,
                    "currency": "GBP"
                },
                "awardCriteria": {
                    "criteria": [
                        {
                            "type": "price",
                            "name": "Commercial Offer",
                            "numbers": [
                                {
                                    "number": 35,
                                    "weight": "percentageExact"
                                }
                            ]
                        },
                        {
                            "type": "quality",
                            "name": "Quality Criteria",
                            "numbers": [
                                {
                                    "number": 65,
                                    "weight": "percentageExact"
                                }
                            ]
                        }
                    ]
                },
                "suitability": {
                    "sme": true,
                    "vcse": true
                },
                "contractPeriod": {
                    "startDate": "2026-10-31T00:00:00+00:00",
                    "endDate": "2032-10-31T23:59:59+01:00",
                    "maxExtentDate": "2034-10-31T23:59:59+00:00"
                },
                "hasRenewal": true,
                "renewal": {
                    "description": "Optional 2 year extension is applicable to this contract"
                }
            }
        ],
        "communication": {
            "futureNoticeDate": "2026-05-18T23:59:59+01:00"
        }
    },
    "language": "en"
}