A SAP Governance, Risk and Compliance (GRC) Solution

A Prior Information Notice
by CTM PORTAL FOR THE NDA SHARED SERVICES ALLIANCE

Source
Find a Tender
Type
Contract (Goods)
Duration
not specified
Value
___
Sector
TECHNOLOGY
Published
17 Feb 2021
Delivery
not specified
Deadline
n/a

Concepts

Location

North West England:

Geochart for 1 buyers and 0 suppliers

Description

The scope of this requirement is for a GRC (governance, risk management and compliance) solution for SAP ERP System to help manage compliance and remove/mitigate risks on an ongoing basis. The current process for SAP User Access management, Human Capital Management (HCM) and non-HCM Segregation of Duties (SoD), Emergency Access Management and Role Management are manual paper-based processes managed by BUC’s (Business User Controllers) and the SAP Competency Centre. Checking for compliance and segregation of duties is very limited and the business does not have the skills to maintain the matrices at this level on a manual basis due to the complexity of SAP Authorisations.

Total Quantity or Scope

BACKGROUND — LANDSCAPE Sellafield has been nearly 80 years in the making. A pioneer for the UK’s nuclear industry, it supported national defence, generated electricity for nearly half a century, and developed the ability to safely manage nuclear waste. Each chapter of Sellafield’s history delivered great benefit for the country while creating a complex nuclear clean-up challenge for which there are no blueprints. Today, Sellafield covers 6 square kilometres and is home to more than 200 nuclear facilities and the largest inventory of untreated nuclear waste in the world. From cleaning-up the country’s highest nuclear risks and hazards to safeguarding nuclear fuel, materials and waste, our mission is nationally important. Our purpose is to keep Sellafield safe and secure, cleaning-up the site to a defined end state. The purpose of this PIN is to understand the capability and capacity of the SAP GRC market. This information will then be used to help determine Sellafield’s overall approach and any future acquisition strategy in relation to SAP GRC. Interested parties are requested to provide information on how your Company could provide part or all of the technology required. The tool will enable Sellafield to: - manage regulations and compliance and remove or mitigate any risk in managing key operations. - develop an integrated and centralised approach to GRC which makes the most of automations to ensure that the cost of managing a GRC solution is reduced whilst significantly improving operational effectiveness and value. - demonstrate resilience in managing overall governance, risk management and compliance with regulations, for example, GDPR. Interested parties should refer to the Addition Information section VI.3) in this notice which details the response requirements of this PIN. Additional information: The priority areas are: • Access Request Management • Segregation of Duties • User Access Reviews • User Behaviour Profiling • Role Management • Emergency Access • Licence Optimisation/Compliance • GDPR Compliance • Audit Compliance • Monitoring/Analytics • Future proofing for S/4 HANA for role migration/testing

CPV Codes

  • 48000000 - Software package and information systems
  • 72200000 - Software programming and consultancy services

Other Information

** PREVIEW NOTICE, please check Find a Tender for full details. ** The scope of this requirement may include but is not limited to the following: to supply and implement an On Premise SAP GRC Tool to deliver the requirements as outlined. The initial scope will be for 10 core users and to also include for an additional 60 licences to cover Emergency Access and Access Request users. The solution must also: • provide an automated Segregation of Duties management tool. The SoD tool must support Sellafield internal controls methodology and must allow cross modular checks • provide an audit trail and reports to support internal and external audits • provide User Behaviour Profiling to authorisation object and transaction keystrokes used to enable re-engineering of roles • perform SoD and GDPR checks on new and existing roles • provide an end to end licence management tool for measurement of compliance, optimisation, licence retirement and recycling • The licence Management tool must include analysis and identification of SAP users that are obsolete, duplicated or wrongly assigned licences • The Licence Management tool must give a consolidated view across all systems - SAP ERP Central Component (ECC), Supplier Relationship Management (SRM) and Business Warehouse (BW). • provide real time audit analytics to enable identification and resolution of audit issues • be intuitive and easy to use whilst providing detailed information to the SME’s. • need to support using Active Directory Single Sign-On for SAP in the future. • support the processing of 11,500 Portal users (Employee and Manager Self Service) of which 900 are Back End users Deliverables: The successful Contractor will be required to: • Provide an on premise SAP Governance, Risk and Compliance Solution initially licensed for 10 core users and to also include for an additional 60 licences to cover Emergency Access and Access Request users. • The above solution should include any associated hardware, software, initial set-up/configuration and/or professional services fees • Provide ongoing training, implementation and maintenance support for the solution Interested parties should refer to the Addition Information section VI.3) in this notice which details the response requirements of this PIN. Sellafield is seeking to gather information from suppliers with a capability to provide the services either in part or in whole. If suppliers wish to respond to this notice, please provide the following: 1. Company Name; 2. Contact details, including locations, telephone number, email address, main point of contact and position in company; 3. Details of your company's core skills in relation to the scope outlined in this notice; 4. Provide solutions from your portfolio that will deliver the scope of requirements and value to Sellafield, with an indicative outline of the delivery to scope and associated cost models. Outlining the benefits of each; 5. Case studies from any similar projects (considering the details outlined in section II.3) that your company has completed within a regulated environment in the last 2 years. Please provide your responses to the questions above to the contact person detail in section I.1) of this notice no later than 12pm on 3rd March 2021 . Suppliers to note that Sellafield are proposing to hold a ‘Supplier Presentation Session’ on 8th March. This will be dependent on the responses received. A response to this PIN does not guarantee any invitation to participate in any future procurement process that Sellafield may conduct. Applicants will be required to participate in a tender process.

Reference

Domains