Foreign Commonwealth and Development Office
Provision of a Governance Risk Compliance Tool
FCDO are looking to a third party to introduce and implement a new GRC tool to be used by ICSU for information security risk management and assurance activities.
The tool will be used to record all risks above risk appetite, track actions and communicate with risk owners and action owners.
The tool will be used to record all FCDOs systems and services, their assurance status, outstanding tasks and send reminders to users for system reviews.
Functional requirements (for the tool) • Centrally capture information security risks, security vulnerabilities, audit findings, regulatory obligations and other issues across technology infrastructure • Centrally capture a set of IT systems and services and their assurance status • A mechanism for reporting to colleagues as well as up to board level • Up to 50 users (but should be scalable) with varying access requirements (e.g. those reviewing risks, those reviewing assurance) Non-functional • Tool platform should be subject to a recognised security certification (ISO/IEC 27001:2013 / Cyber Essentials or equivalent) • Minimum of SC clearance for all individuals accessing sensitive FCDO information and data • Tool vendor must have an annual IT Health Check performed by a certified CHECK company • Support multi-factor authentication and single sign on • Compliant with data protection legislation • Documented threat management processes and tools • Ability to integrate with FCDO incident management processes and procedures • Follows NCSC good cloud security principles and guidance (https://www.ncsc.gov.uk/collection/cloud-security) • Named UK data centre, with all processing capability and call centre support within UK and EU • Return To Operation (RTO) time should be no more than 24 hours and Return Point Objectives (RPO) time no more than 1 hour Implementation & Training • Bidders will be asked to demonstrate a minimum viable product (MVP) as part of any procurement and be potentially able to deploy into a live environment within 3 months of contract • Throughout implementation, the tool platform should be tailored as appropriate for the business needs of the FCDO • Capability to supply end-to-end training on the tool platform, including train the trainer and comprehensive documentation Maintenance, support, system updates • Provide support for end users • Ensure the platform is kept up-to-date, patching should be maintained at N-1
What the supplier must deliver
FCDO are looking to a third party
FCDO are looking to a third party to introduce and implement a new GRC tool to be used by ICSU for information security risk management and assurance activities.
Up to 50 users (but should
Up to 50 users (but should be scalable) with varying access requirements (e.g. those reviewing risks, those reviewing assurance).
Tool platform should be subject to
Tool platform should be subject to a recognised security certification (ISO/IEC 27001:2013 / Cyber Essentials or equivalent).
Tool vendor must have an annual IT
Tool vendor must have an annual IT Health Check performed by a certified CHECK company.
Support multi-factor authentication and single sign on
Support multi-factor authentication and single sign on.
Derived from the notice text — always confirm against the original documents.
Skills, tools & certifications
Detected from the notice — the capabilities and credentials this bid calls for. Click one to see who wins that work.
Make the case to bid
Reveal who to approach at Foreign Commonwealth and Development Office, and generate a go-to-market strategy from their news, accounts and people.
- OCID
- ocds-h6vhtk-032e86
- Stage
- planning · Open
- Source
- Find a Tender
- Buyer ref
- 010218-2022
Contains public sector information licensed under the Open Government Licence v3.0. Source data © Crown copyright.
Who wins this kind of work
The suppliers and buyers around this opportunity — drawn from official award data. Drag to orbit; click a node to explore.
Top suppliers & buyers in Software & IT Systems
Assembling the market network…
Foreign Commonwealth and Development Office’s tender network
Assembling the network…
Similar open tenders
Provision of Mobile Voice & Data Services- BCH
The Police and Crime Commissioner for Bedfordshire Police, Cambridgeshire Constabulary, and Hertfordshire Constabulary (BCH)
Provision of Intelligence/Telecommunications Digital Evidence Software
The Police and Crime Commissioner for Nottinghamshire