---
title: "A SAP Governance, Risk and Compliance (GRC) Solution"
ocid: "ocds-h6vhtk-0293c3"
canonical_url: "https://d3tenders.com/contract/?ocid=ocds-h6vhtk-0293c3"
markdown_url: "https://d3tenders.com/contract/ocds-h6vhtk-0293c3.md"
json_url: "https://d3tenders.com/contract/ocds-h6vhtk-0293c3.json"
source: "Find A Tender Service"
current_stage: "Planning"
buyer: "CTM PORTAL FOR THE NDA SHARED SERVICES ALLIANCE"
published: "2021-02-17"
---

# A SAP Governance, Risk and Compliance (GRC) Solution

Buyer: CTM PORTAL FOR THE NDA SHARED SERVICES ALLIANCE  
Current stage: Planning  
OCID: ocds-h6vhtk-0293c3

[View canonical contract page](https://d3tenders.com/contract/?ocid=ocds-h6vhtk-0293c3)  
[Download OCDS JSON](https://d3tenders.com/contract/ocds-h6vhtk-0293c3.json)

## Summary

The CTM Portal for the NDA Shared Services Alliance is planning to procure a SAP Governance, Risk and Compliance (GRC) Solution, aimed at enhancing compliance and risk management for their SAP ERP System. This procurement is categorised under software and information systems, specifically for goods. Interested suppliers should note that the deadline for responses to this notice is 12pm on 3rd March 2021, with further supplier engagement planned through a presentation session on 8th March 2021. The procurement is currently in the planning stage and is expected to include an initial solution for 10 core users along with additional licenses for emergency access.

This tender presents a significant opportunity for businesses specialising in software programming, consultancy, and specifically those experienced with SAP systems and compliance solutions. Companies that can provide innovative technologies for user access management, data protection compliance, and audit analytics would be particularly well-suited to compete. The focus on automating governance, risk, and compliance processes suggests a preference for solutions that enhance operational efficiency and reduce costs, making this an appealing tender for businesses looking to expand in the public sector, especially within the nuclear decommissioning domain.

## Notice

The scope of this requirement is for a GRC (governance, risk management and compliance) solution for SAP ERP System to help manage compliance and remove/mitigate risks on an ongoing basis. The current process for SAP User Access management, Human Capital Management (HCM) and non-HCM Segregation of Duties (SoD), Emergency Access Management and Role Management are manual paper-based processes managed by BUC's (Business User Controllers) and the SAP Competency Centre. Checking for compliance and segregation of duties is very limited and the business does not have the skills to maintain the matrices at this level on a manual basis due to the complexity of SAP Authorisations.

### Lot Information

Lot 1

BACKGROUND -- LANDSCAPE Sellafield has been nearly 80 years in the making. A pioneer for the UK's nuclear industry, it supported national defence, generated electricity for nearly half a century, and developed the ability to safely manage nuclear waste. Each chapter of Sellafield's history delivered great benefit for the country while creating a complex nuclear clean-up challenge for which there are no blueprints. Today, Sellafield covers 6 square kilometres and is home to more than 200 nuclear facilities and the largest inventory of untreated nuclear waste in the world. From cleaning-up the country's highest nuclear risks and hazards to safeguarding nuclear fuel, materials and waste, our mission is nationally important. Our purpose is to keep Sellafield safe and secure, cleaning-up the site to a defined end state. The purpose of this PIN is to understand the capability and capacity of the SAP GRC market. This information will then be used to help determine Sellafield's overall approach and any future acquisition strategy in relation to SAP GRC. Interested parties are requested to provide information on how your Company could provide part or all of the technology required. The tool will enable Sellafield to: - manage regulations and compliance and remove or mitigate any risk in managing key operations. - develop an integrated and centralised approach to GRC which makes the most of automations to ensure that the cost of managing a GRC solution is reduced whilst significantly improving operational effectiveness and value. - demonstrate resilience in managing overall governance, risk management and compliance with regulations, for example, GDPR. Interested parties should refer to the Addition Information section VI.3) in this notice which details the response requirements of this PIN. Additional information: The priority areas are: * Access Request Management * Segregation of Duties * User Access Reviews * User Behaviour Profiling * Role Management * Emergency Access * Licence Optimisation/Compliance * GDPR Compliance * Audit Compliance * Monitoring/Analytics * Future proofing for S/4 HANA for role migration/testing

## Key Details

| Field | Value |
| --- | --- |
| Publication source | Find A Tender Service |
| Latest notice | https://www.find-tender.service.gov.uk/Notice/003164-2021 |
| Notice type | Planning Notice |
| Procurement type | Standard |
| Procurement category | Goods |
| Procurement method | Not Specified |
| Procurement method details | Not specified |
| Tender suitability | Not specified |
| Awardee scale | Not specified |
| All stages | Planning |

## Dates

| Field | Value |
| --- | --- |
| Publication date | 17 Feb 2021 |
| Submission deadline | Not specified |
| Future notice date | 1 Apr 2021 |
| Award date | Not specified |
| Contract period | Not specified |
| Recurrence | Not specified |

## Values

| Field | Value |
| --- | --- |
| Tender value | Not specified |
| Lots value | Not specified |
| Awards value | Not specified |
| Contracts value | Not specified |

## Status

| Field | Value |
| --- | --- |
| Tender status | Planned |
| Lots status | Planned |
| Awards status | Not specified |
| Contracts status | Not specified |

## Buyer

| Field | Value |
| --- | --- |
| Main buyer | CTM PORTAL FOR THE NDA SHARED SERVICES ALLIANCE |
| Locality | SEASCALE |
| Post town | Carlisle |
| Postcode | CA20 1PG |
| Country | England |
| ITL 1 | TLD North West (England) |
| ITL 2 | TLD1 Cumbria |
| ITL 3 | TLD13 Cumberland |
| Local authority | Cumberland |
| Electoral ward | Gosforth |
| Westminster constituency | Whitehaven and Workington |
| Delivery location | TLD North West (England) |

## CPV Codes

### Divisions

- 48 - Software package and information systems
- 72 - IT services: consulting, software development, Internet and support

### Codes

- 48000000 - Software package and information systems
- 72200000 - Software programming and consultancy services

## Release History

- 17 Feb 2021 at 10:10 - Planning - Planning Notice - https://www.find-tender.service.gov.uk/Notice/003164-2021

## Notice URLs

- https://sharedsystems.eu-supply.com/app/rfq/rwlentrance_s.asp?PID=13344&B=SELLAFIELD
- https://sharedsystems.eu-supply.com/ctm/Company/CompanyInformation/Index/3510
- https://www.gov.uk/government/case-studies/shared-services-alliance-ssa-for-nuclear-decommissioning-estate

## Provenance

This Markdown file is an alternate public rendering of the D3 Tenders contract record. The canonical page is https://d3tenders.com/contract/?ocid=ocds-h6vhtk-0293c3. The underlying structured data is available as OCDS JSON at https://d3tenders.com/contract/ocds-h6vhtk-0293c3.json.