---
title: "Provision of a Governance Risk Compliance Tool"
ocid: "ocds-h6vhtk-032e86"
canonical_url: "https://d3tenders.com/contract/?ocid=ocds-h6vhtk-032e86"
markdown_url: "https://d3tenders.com/contract/ocds-h6vhtk-032e86.md"
json_url: "https://d3tenders.com/contract/ocds-h6vhtk-032e86.json"
source: "Find A Tender Service"
current_stage: "Tender"
buyer: "FOREIGN COMMONWEALTH AND DEVELOPMENT OFFICE"
published: "2022-04-19"
---

# Provision of a Governance Risk Compliance Tool

Buyer: FOREIGN COMMONWEALTH AND DEVELOPMENT OFFICE  
Current stage: Tender  
OCID: ocds-h6vhtk-032e86

[View canonical contract page](https://d3tenders.com/contract/?ocid=ocds-h6vhtk-032e86)  
[Download OCDS JSON](https://d3tenders.com/contract/ocds-h6vhtk-032e86.json)

## Summary

The Foreign Commonwealth and Development Office (FCDO) is initiating a procurement process titled "Provision of a Governance Risk Compliance Tool," aimed at enhancing information security risk management. This tender falls under the goods category, specifically concerning security software packages, and is based in the UK. Currently in the planning and tender stages, the deadline for expressing interest in participating in this opportunity is set for 10 May 2022. The process follows a selective procurement method characterised as a restricted procedure, allowing for a focused selection of qualified suppliers.

This opportunity is poised to foster business growth particularly for companies specialising in security software solutions and compliance tools. Participants will need to demonstrate a minimum viable product and address both functional and non-functional requirements that cater to the FCDO's information security needs. Businesses with capabilities in providing comprehensive training and ongoing support are well-suited for this tender, which not only enhances operational efficiency for the FCDO but also creates a platform for successful bidders to expand their market presence in public sector contracts.

## Notice

FCDO are looking to a third party to introduce and implement a new GRC tool to be used by ICSU for information security risk management and assurance activities. The tool will be used to record all risks above risk appetite, track actions and communicate with risk owners and action owners. The tool will be used to record all FCDOs systems and services, their assurance status, outstanding tasks and send reminders to users for system reviews. Functional requirements (for the tool) * Centrally capture information security risks, security vulnerabilities, audit findings, regulatory obligations and other issues across technology infrastructure * Centrally capture a set of IT systems and services and their assurance status * A mechanism for reporting to colleagues as well as up to board level * Up to 50 users (but should be scalable) with varying access requirements (e.g. those reviewing risks, those reviewing assurance) Non-functional * Tool platform should be subject to a recognised security certification (ISO/IEC 27001:2013 / Cyber Essentials or equivalent) * Minimum of SC clearance for all individuals accessing sensitive FCDO information and data * Tool vendor must have an annual IT Health Check performed by a certified CHECK company * Support multi-factor authentication and single sign on * Compliant with data protection legislation * Documented threat management processes and tools * Ability to integrate with FCDO incident management processes and procedures * Follows NCSC good cloud security principles and guidance (https://www.ncsc.gov.uk/collection/cloud-security) * Named UK data centre, with all processing capability and call centre support within UK and EU * Return To Operation (RTO) time should be no more than 24 hours and Return Point Objectives (RPO) time no more than 1 hour Implementation & Training * Bidders will be asked to demonstrate a minimum viable product (MVP) as part of any procurement and be potentially able to deploy into a live environment within 3 months of contract * Throughout implementation, the tool platform should be tailored as appropriate for the business needs of the FCDO * Capability to supply end-to-end training on the tool platform, including train the trainer and comprehensive documentation Maintenance, support, system updates * Provide support for end users * Ensure the platform is kept up-to-date, patching should be maintained at N-1

### Lot Information

Lot 1

Detail provided in section II.1.4 is not an exhaustive list of requirements. The Authority requests notes of interest in a potential procurement exercise within fifteen (15) working days of the publication of this notice. At the expiry of this deadline, the Authority will commence pre-tender engagement with interested suppliers, which may involve, but will not be limited to; disclosure of the work in progress requirement set, demonstration of supplier offerings and review of potential contractual arrangements.

## Key Details

| Field | Value |
| --- | --- |
| Publication source | Find A Tender Service |
| Latest notice | https://www.find-tender.service.gov.uk/Notice/010218-2022 |
| Notice type | Planning Notice |
| Procurement type | Standard |
| Procurement category | Goods |
| Procurement method | Selective |
| Procurement method details | Restricted procedure |
| Tender suitability | Not specified |
| Awardee scale | Not specified |
| All stages | Planning, Tender |

## Dates

| Field | Value |
| --- | --- |
| Publication date | 19 Apr 2022 |
| Submission deadline | 10 May 2022 |
| Future notice date | Not specified |
| Award date | Not specified |
| Contract period | Not specified |
| Recurrence | Not specified |

## Values

| Field | Value |
| --- | --- |
| Tender value | Not specified |
| Lots value | Not specified |
| Awards value | Not specified |
| Contracts value | Not specified |

## Status

| Field | Value |
| --- | --- |
| Tender status | Active |
| Lots status | Active |
| Awards status | Not specified |
| Contracts status | Not specified |

## Buyer

| Field | Value |
| --- | --- |
| Main buyer | FOREIGN COMMONWEALTH AND DEVELOPMENT OFFICE |
| Locality | LONDON |
| Post town | South West London |
| Postcode | SW1A 2AH |
| Country | England |
| ITL 1 | TLI London |
| ITL 2 | TLI3 Inner London - West |
| ITL 3 | TLI35 Westminster and City of London |
| Local authority | Westminster |
| Electoral ward | St James's |
| Westminster constituency | Cities of London and Westminster |
| Delivery location | Not specified |

## CPV Codes

### Divisions

- 48 - Software package and information systems

### Codes

- 48730000 - Security software package

## Release History

- 19 Apr 2022 at 15:02 - Planning - Planning Notice - https://www.find-tender.service.gov.uk/Notice/010218-2022

## Notice URLs

- https://www.gov.uk/government/organisations/foreign-commonwealth-development-office
- https://www.ncsc.gov.uk/collection/cloud-security

## Provenance

This Markdown file is an alternate public rendering of the D3 Tenders contract record. The canonical page is https://d3tenders.com/contract/?ocid=ocds-h6vhtk-032e86. The underlying structured data is available as OCDS JSON at https://d3tenders.com/contract/ocds-h6vhtk-032e86.json.