---
title: "Provision of a Cyber Security Governance Risk & Compliance Solution"
ocid: "ocds-b5fd17-bc9432df-f245-45ea-bdd1-7c8d845abfb9"
canonical_url: "https://d3tenders.com/contract/?ocid=ocds-b5fd17-bc9432df-f245-45ea-bdd1-7c8d845abfb9"
markdown_url: "https://d3tenders.com/contract/ocds-b5fd17-bc9432df-f245-45ea-bdd1-7c8d845abfb9.md"
json_url: "https://d3tenders.com/contract/ocds-b5fd17-bc9432df-f245-45ea-bdd1-7c8d845abfb9.json"
source: "Contracts Finder"
current_stage: "Award"
buyer: "CROWN COMMERCIAL SERVICE"
published: "2025-11-13"
---

# Provision of a Cyber Security Governance Risk & Compliance Solution

Buyer: CROWN COMMERCIAL SERVICE  
Current stage: Award  
OCID: ocds-b5fd17-bc9432df-f245-45ea-bdd1-7c8d845abfb9

[View canonical contract page](https://d3tenders.com/contract/?ocid=ocds-b5fd17-bc9432df-f245-45ea-bdd1-7c8d845abfb9)  
[Download OCDS JSON](https://d3tenders.com/contract/ocds-b5fd17-bc9432df-f245-45ea-bdd1-7c8d845abfb9.json)

## Summary

The Crown Commercial Service, acting on behalf of the Cabinet Office, has completed the procurement process for the "Provision of a Cyber Security Governance Risk & Compliance Solution." This tender, classified under IT services with the CPV code 72000000, focuses on enhancing cyber risk and compliance requirements with a Governance, Risk, and Compliance (GRC) tool. The procurement process employed a selective method, specifically a call-off from a framework agreement. Key contract dates include a start on 27th October 2025 and an end on 26th October 2027. The contract, valued at £320,000, has been awarded to PHOENIX SOFTWARE LIMITED, with the procurement stage now in the award phase.

This tender presents significant opportunities for businesses specialising in IT services and software development, particularly those with expertise in risk management and compliance solutions. While the chosen procurement method favours established suppliers through framework agreements, companies seeking growth can benefit from understanding such processes to enhance their future competitiveness. Large software companies with a focus on enterprise solutions stand to gain the most from this type of contract, given the centralised management and comprehensive reporting requirements specified by the Cabinet Office.

## Notice

The Cabinet Office requires a Governance, Risk, and Compliance (GRC) tool to enhance its cyber risks and compliance requirements. The tool will enable clear tracking of governance activities, risks and ensure alignment with departmental objectives. Ultimately, this will promote more efficient and well-managed digital services across the department. Overarching requirements: Centralised management: Must provide a single platform to record, track, and manage governance activities, risks, and compliance tasks. While the immediate focus is on cyber risks, the ability to serve as a consolidated enterprise risk management tool is also highly valued. Self- service reporting: Should offer dashboards and reports for up-to-date visibility for stakeholders and senior management. service reporting: Should offer dashboards and reports for up-to-date visibility for stakeholders and senior management. Risk Assessment and Tracking: Ability to identify, assess, and monitor risks as well as controls with options for categorisation and prioritisation. Policy and Compliance Monitoring: Support for capturing and auditing compliance with relevant policies, regulations, and standards.

## Key Details

| Field | Value |
| --- | --- |
| Publication source | Contracts Finder |
| Latest notice | https://www.contractsfinder.service.gov.uk/Notice/9da76c70-7ced-42de-9d21-6ed49d5479fa |
| Notice type | Award Notice |
| Procurement type | Framework |
| Procurement category | Services |
| Procurement method | Selective |
| Procurement method details | Call-off from a framework agreement |
| Tender suitability | Not specified |
| Awardee scale | Large |
| All stages | Award |

## Dates

| Field | Value |
| --- | --- |
| Publication date | 13 Nov 2025 |
| Submission deadline | 19 Oct 2025 |
| Future notice date | Not specified |
| Award date | 27 Oct 2025 |
| Contract period | 27 Oct 2025 - 26 Oct 2027 |
| Recurrence | Not specified |

## Values

| Field | Value |
| --- | --- |
| Tender value | £320,000 |
| Lots value | Not specified |
| Awards value | £320,000 |
| Contracts value | Not specified |

## Status

| Field | Value |
| --- | --- |
| Tender status | Complete |
| Lots status | Not specified |
| Awards status | Active |
| Contracts status | Not specified |

## Buyer

| Field | Value |
| --- | --- |
| Main buyer | CROWN COMMERCIAL SERVICE |
| Locality | LIVERPOOL |
| Post town | Liverpool |
| Postcode | L3 9PP |
| Country | England |
| ITL 1 | TLD North West (England) |
| ITL 2 | TLD7 Merseyside |
| ITL 3 | TLD72 Liverpool |
| Local authority | Liverpool |
| Electoral ward | City Centre North |
| Westminster constituency | Liverpool Riverside |
| Delivery location | Not specified |

## Supplier

| Field | Value |
| --- | --- |
| Number of suppliers | 1 |
| Supplier names | PHOENIX SOFTWARE |

## CPV Codes

### Divisions

- 72 - IT services: consulting, software development, Internet and support

### Codes

- 72000000 - IT services: consulting, software development, Internet and support

## Release History

- 13 Nov 2025 at 09:21 - Award - Award Notice - https://www.contractsfinder.service.gov.uk/Notice/9da76c70-7ced-42de-9d21-6ed49d5479fa

## Documents

- https://www.contractsfinder.service.gov.uk/Notice/9da76c70-7ced-42de-9d21-6ed49d5479fa
  13th November 2025 - Awarded contract notice on Contracts Finder
- https://www.contractsfinder.service.gov.uk/Notice/Attachment/5180a012-dc38-4d77-aa46-e79c635b32cc

## Notice URLs

- https://www.gov.uk/government/organisations/crown-commercial-service

## Provenance

This Markdown file is an alternate public rendering of the D3 Tenders contract record. The canonical page is https://d3tenders.com/contract/?ocid=ocds-b5fd17-bc9432df-f245-45ea-bdd1-7c8d845abfb9. The underlying structured data is available as OCDS JSON at https://d3tenders.com/contract/ocds-b5fd17-bc9432df-f245-45ea-bdd1-7c8d845abfb9.json.