---
title: "DDaT Enterprise GRC Tooling"
ocid: "ocds-h6vhtk-066447"
canonical_url: "https://d3tenders.com/contract/?ocid=ocds-h6vhtk-066447"
markdown_url: "https://d3tenders.com/contract/ocds-h6vhtk-066447.md"
json_url: "https://d3tenders.com/contract/ocds-h6vhtk-066447.json"
source: "Find A Tender Service"
current_stage: "Planning"
buyer: "NHS BUSINESS SERVICES AUTHORITY"
published: "2026-03-06"
---

# DDaT Enterprise GRC Tooling

Buyer: NHS BUSINESS SERVICES AUTHORITY  
Current stage: Planning  
OCID: ocds-h6vhtk-066447

[View canonical contract page](https://d3tenders.com/contract/?ocid=ocds-h6vhtk-066447)  
[Download OCDS JSON](https://d3tenders.com/contract/ocds-h6vhtk-066447.json)

## Summary

The NHS Business Services Authority, located in Newcastle upon Tyne, is planning a procurement process under the category of IT services and software packages, aimed at implementing Enterprise Governance, Risk, and Compliance (GRC) tooling. This initiative is part of a broader engagement strategy with the procurement currently at the planning stage. The objective is to enhance platform capabilities that support governance activities for the NHS, by moving towards a consolidated, AI-enabled framework to improve real-time visibility and accountability. Interested parties should note that responses to the Request for Information (RFI) need to be submitted by 10th April 2026.

This tender presents an opportunity for businesses specialising in IT services, particularly those versed in GRC platforms, to collaborate with the NHS and contribute to their service improvement goals. Companies capable of delivering AI-driven solutions that improve risk management, compliance, audit activities, and allow scalability over time are likely to be well-suited for this procurement process. Given the contract's potential value of £350,000 to £420,000, it is an auspicious opportunity for small and medium-sized enterprises aiming to grow their footprint within public sector IT ecosystems.

## Notice

The purpose of this Request for Information (RFI) is to conduct market research to identify Governance, Risk and Compliance (GRC) tooling that could support DDaT governance activities. We are seeking information on platforms or tools that enable: 1. Risk Management 2. Audit Management 3. Compliance Management

### Planning Information

The NHS Business Services Authority (NHSBSA) is an Arm’s Length Body of the Department of Health and Social Care, responsible for providing platforms and delivering services that support the priorities of the NHS, Government and local health economies. Over £100 billion of NHS spend flows through our systems annually.
Our purpose is to deliver business service excellence to the NHS to help people live longer, healthier lives. Our vision is to be the provider of national, at scale business services for the health and social care system, transforming and delivering these services to maximise efficiency and meet customer expectations.
As part of strengthening our governance capability, we are seeking to move beyond fragmented processes and manual reporting towards a dynamic, insight-driven Governance, Risk and Compliance (GRC) environment.
Our ambition is to implement tooling that:
• Provides near real-time visibility across organisational risk, audit, and compliance activities
• Enables clear traceability between risks, controls, compliance obligations, and audit activity
• Records a full history of changes to risks, controls, compliance items, and evidence, maintaining audit trails and version tracking for transparency and accountability
• Supports proactive risk management and assurance, rather than retrospective reporting
• Enables trend analysis and thematic insight across the organisation
• Reduces duplication of effort through control reuse and structured assurance mapping
• Improves accountability through clear ownership, workflow, and approval processes
We are particularly interested in solutions that:
• Treat GRC as an interconnected system rather than isolated processes
• Provide intuitive dashboards suitable for senior leadership and governance reporting
• Enable monitoring of control effectiveness and impact analysis across multiple domains
• Maintain a full historical record of changes to support governance, oversight, and assurance reporting
• Support scalable governance maturity over time
The ambition is not merely to digitise existing processes, but to strengthen decision-making, organisational oversight, and enterprise-wide transparency through structured, connected GRC tooling.
Use of Artificial Intelligence and Automation
We recognise that modern Governance, Risk and Compliance (GRC) platforms increasingly incorporate artificial intelligence (AI), machine learning, and intelligent automation capabilities.
As part of this market engagement, we are interested in understanding how AI-enabled functionality could enhance:
• Risk identification and trend detection
• Predictive risk analysis and early warning indicators
• Automated control monitoring and anomaly detection
• Intelligent workflow routing and prioritisation
• Evidence reviews and document classification
• Thematic analysis across audit findings, risks and compliance data
• Reduction of manual administrative burden
Any AI capability should:
• Be transparent and explainable in its outputs
• Support human oversight and governance decision-making
• Operate within appropriate data protection, security and ethical boundaries
• Clearly describe model training sources and data usage (where applicable)
We are seeking insight into both current AI functionality and planned roadmap developments.
Please download the documentation and send your response to this RFI via the Atamis portal ( https://atamis-1928.my.site.com/s/Welcome).

## Key Details

| Field | Value |
| --- | --- |
| Publication source | Find A Tender Service |
| Latest notice | https://www.find-tender.service.gov.uk/Notice/020446-2026 |
| Notice type | UK2 - Preliminary Market Engagement Notice |
| Procurement type | Standard |
| Procurement category | Services |
| Procurement method | Not Specified |
| Procurement method details | Not specified |
| Tender suitability | SME |
| Awardee scale | Not specified |
| All stages | Planning |

## Dates

| Field | Value |
| --- | --- |
| Publication date | 6 Mar 2026 |
| Submission deadline | Not specified |
| Future notice date | 10 Apr 2026 |
| Award date | Not specified |
| Contract period | 30 Sep 2026 - 30 Sep 2028 |
| Recurrence | Not specified |

## Values

| Field | Value |
| --- | --- |
| Tender value | £350,000 |
| Lots value | Not specified |
| Awards value | Not specified |
| Contracts value | Not specified |

## Status

| Field | Value |
| --- | --- |
| Tender status | Planning |
| Lots status | Planning |
| Awards status | Not specified |
| Contracts status | Not specified |

## Buyer

| Field | Value |
| --- | --- |
| Main buyer | NHS BUSINESS SERVICES AUTHORITY |
| Locality | NEWCASTLE UPON TYNE |
| Post town | Newcastle upon Tyne |
| Postcode | NE15 8NY |
| Country | England |
| ITL 1 | TLC North East (England) |
| ITL 2 | TLC4 Northumberland, Durham and Tyne & Wear |
| ITL 3 | TLC43 Tyneside |
| Local authority | Newcastle upon Tyne |
| Electoral ward | Lemington |
| Westminster constituency | Newcastle upon Tyne Central and West |
| Delivery location | Not specified |

## CPV Codes

### Divisions

- 48 - Software package and information systems
- 72 - IT services: consulting, software development, Internet and support

### Codes

- 48517000 - IT software package
- 72000000 - IT services: consulting, software development, Internet and support

## Release History

- 6 Mar 2026 at 14:11 - Planning - UK2 - Preliminary Market Engagement Notice - https://www.find-tender.service.gov.uk/Notice/020446-2026

## Documents

- https://www.find-tender.service.gov.uk/Notice/020446-2026
  6th March 2026 - Preliminary market engagement notice on Find a Tender

## Notice URLs

- https://atamis-1928.my.site.com/s/Welcome
- https://www.legislation.gov.uk/ukpga/2023/54/contents
- https://www.nhsbsa.nhs.uk/

## Provenance

This Markdown file is an alternate public rendering of the D3 Tenders contract record. The canonical page is https://d3tenders.com/contract/?ocid=ocds-h6vhtk-066447. The underlying structured data is available as OCDS JSON at https://d3tenders.com/contract/ocds-h6vhtk-066447.json.
