{ "tag": [ "compiled" ], "id": "ocds-h6vhtk-066447-2026-03-06T14:11:18Z", "date": "2026-03-06T14:11:18Z", "ocid": "ocds-h6vhtk-066447", "initiationType": "tender", "parties": [ { "id": "GB-PPON-PRLZ-1599-JGTT", "name": "NHS Business Services Authority", "identifier": { "scheme": "GB-PPON", "id": "PRLZ-1599-JGTT" }, "address": { "streetAddress": "Stella House, Goldcrest Way, Newburn Riverside", "locality": "Newcastle upon Tyne", "postalCode": "NE15 8NY", "country": "GB", "countryName": "United Kingdom", "region": "UKC22" }, "contactPoint": { "email": "nhsbsa.commercialservicesteam@nhsbsa.nhs.uk" }, "roles": [ "buyer" ], "details": { "url": "https://www.nhsbsa.nhs.uk/", "classifications": [ { "id": "publicAuthorityCentralGovernment", "scheme": "UK_CA_TYPE", "description": "Public authority - central government" } ] } } ], "buyer": { "id": "GB-PPON-PRLZ-1599-JGTT", "name": "NHS Business Services Authority" }, "planning": { "milestones": [ { "id": "engagement", "type": "engagement", "description": "The NHS Business Services Authority (NHSBSA) is an Arm's Length Body of the Department of Health and Social Care, responsible for providing platforms and delivering services that support the priorities of the NHS, Government and local health economies. Over PS100 billion of NHS spend flows through our systems annually. Our purpose is to deliver business service excellence to the NHS to help people live longer, healthier lives. Our vision is to be the provider of national, at scale business services for the health and social care system, transforming and delivering these services to maximise efficiency and meet customer expectations. As part of strengthening our governance capability, we are seeking to move beyond fragmented processes and manual reporting towards a dynamic, insight-driven Governance, Risk and Compliance (GRC) environment. Our ambition is to implement tooling that: * Provides near real-time visibility across organisational risk, audit, and compliance activities * Enables clear traceability between risks, controls, compliance obligations, and audit activity * Records a full history of changes to risks, controls, compliance items, and evidence, maintaining audit trails and version tracking for transparency and accountability * Supports proactive risk management and assurance, rather than retrospective reporting * Enables trend analysis and thematic insight across the organisation * Reduces duplication of effort through control reuse and structured assurance mapping * Improves accountability through clear ownership, workflow, and approval processes We are particularly interested in solutions that: * Treat GRC as an interconnected system rather than isolated processes * Provide intuitive dashboards suitable for senior leadership and governance reporting * Enable monitoring of control effectiveness and impact analysis across multiple domains * Maintain a full historical record of changes to support governance, oversight, and assurance reporting * Support scalable governance maturity over time The ambition is not merely to digitise existing processes, but to strengthen decision-making, organisational oversight, and enterprise-wide transparency through structured, connected GRC tooling. Use of Artificial Intelligence and Automation We recognise that modern Governance, Risk and Compliance (GRC) platforms increasingly incorporate artificial intelligence (AI), machine learning, and intelligent automation capabilities. As part of this market engagement, we are interested in understanding how AI-enabled functionality could enhance: * Risk identification and trend detection * Predictive risk analysis and early warning indicators * Automated control monitoring and anomaly detection * Intelligent workflow routing and prioritisation * Evidence reviews and document classification * Thematic analysis across audit findings, risks and compliance data * Reduction of manual administrative burden Any AI capability should: * Be transparent and explainable in its outputs * Support human oversight and governance decision-making * Operate within appropriate data protection, security and ethical boundaries * Clearly describe model training sources and data usage (where applicable) We are seeking insight into both current AI functionality and planned roadmap developments. Please download the documentation and send your response to this RFI via the Atamis portal ( https://atamis-1928.my.site.com/s/Welcome).", "dueDate": "2026-04-10T23:59:59+01:00", "status": "scheduled" } ], "documents": [ { "id": "020446-2026", "documentType": "marketEngagementNotice", "noticeType": "UK2", "description": "Preliminary market engagement notice on Find a Tender", "url": "https://www.find-tender.service.gov.uk/Notice/020446-2026", "datePublished": "2026-03-06T14:11:18Z", "format": "text/html" } ] }, "tender": { "id": "C429685", "legalBasis": { "id": "2023/54", "scheme": "UKPGA", "uri": "https://www.legislation.gov.uk/ukpga/2023/54/contents" }, "title": "DDaT Enterprise GRC Tooling", "description": "The purpose of this Request for Information (RFI) is to conduct market research to identify Governance, Risk and Compliance (GRC) tooling that could support DDaT governance activities. We are seeking information on platforms or tools that enable: 1. Risk Management 2. Audit Management 3. Compliance Management", "items": [ { "id": "1", "additionalClassifications": [ { "scheme": "CPV", "id": "48517000", "description": "IT software package" }, { "scheme": "CPV", "id": "72000000", "description": "IT services: consulting, software development, Internet and support" } ], "relatedLot": "1" } ], "value": { "amountGross": 420000, "amount": 350000, "currency": "GBP" }, "mainProcurementCategory": "services", "aboveThreshold": true, "lots": [ { "id": "1", "suitability": { "sme": true }, "contractPeriod": { "startDate": "2026-10-01T00:00:00+01:00", "endDate": "2028-09-30T23:59:59+01:00" }, "status": "planning" } ], "status": "planning" }, "language": "en" }