Provision of a Governance Risk Compliance Tool

A Prior Information Notice
by FOREIGN COMMONWEALTH AND DEVELOPMENT OFFICE

Source
Find a Tender
Type
Contract (Supply)
Duration
not specified
Value
___
Sector
TECHNOLOGY
Published
19 Apr 2022
Delivery
not specified
Deadline
10 May 2022 17:00

Location

London

Description

FCDO are looking to a third party to introduce and implement a new GRC tool to be used by ICSU for information security risk management and assurance activities. The tool will be used to record all risks above risk appetite, track actions and communicate with risk owners and action owners. The tool will be used to record all FCDO's systems and services, their assurance status, outstanding tasks and send reminders to users for system reviews.

Functional requirements (for the tool)

  • Centrally capture information security risks, security vulnerabilities, audit findings, regulatory obligations and other issues across technology infrastructure
  • Centrally capture a set of IT systems and services and their assurance status
  • A mechanism for reporting to colleagues as well as up to board level
  • Up to 50 users (but should be scalable) with varying access requirements (e.g. those reviewing risks, those reviewing assurance)

Non-functional

  • Tool platform should be subject to a recognised security certification (ISO/IEC 27001:2013 / Cyber Essentials or equivalent)
  • Minimum of SC clearance for all individuals accessing sensitive FCDO information and data
  • Tool vendor must have an annual IT Health Check performed by a certified CHECK company
  • Support multi-factor authentication and single sign on
  • Compliant with data protection legislation
  • Documented threat management processes and tools
  • Ability to integrate with FCDO incident management processes and procedures
  • Follows NCSC good cloud security principles and guidance (https://www.ncsc.gov.uk/collection/cloud-security)
  • Named UK data centre, with all processing capability and call centre support within UK and EU
  • Return To Operation (RTO) time should be no more than 24 hours and Return Point Objectives (RPO) time no more than 1 hour

Implementation & Training

  • Bidders will be asked to demonstrate a minimum viable product (MVP) as part of any procurement and be potentially able to deploy into a live environment within 3 months of contract
  • Throughout implementation, the tool platform should be tailored as appropriate for the business needs of the FCDO
  • Capability to supply end-to-end training on the tool platform, including train the trainer and comprehensive documentation

Maintenance, support, system updates

  • Provide support for end users
  • Ensure the platform is kept up-to-date, patching should be maintained at N-1

Total Quantity or Scope

Detail provided in section II.1.4 is not an exhaustive list of requirements. The Authority requests notes of interest in a potential procurement exercise within fifteen (15) working days of the publication of this notice. At the expiry of this deadline, the Authority will commence pre-tender engagement with interested suppliers, which may involve, but will not be limited to: disclosure of the work in progress requirement set, demonstration of supplier offerings and review of potential contractual arrangements.

CPV Codes

  • 48730000 - Security software package

Indicators

  • Bids should cover the whole contract.

Other Information

This notice is for information only. The Contracting Authority may or may not subsequently publish a formal contract opportunity notice in the future. The Contracting Authority may, without prejudice, use feedback from the responses and demos to help inform the development of the potential requirement.
