RFP QuestBeta
ClosedStage · planning

Foreign Commonwealth and Development Office

Provision of a Governance Risk Compliance Tool

Software & IT SystemsCPV 48730000
ValueValue not published
Deadline10 May 2022
Published19 Apr 2022
RegionNationwide
Timeline
Published 19 Apr 2022ClosedCloses 10 May 2022
Who to contact
ict.commercial@fco.gov.uk
+44 2070080932

The procurement contact named on the official notice.

Match for your company
Sign up free to see how well this tender matches your company — the score, the signals that align, and where the gaps are.
The brief

FCDO are looking to a third party to introduce and implement a new GRC tool to be used by ICSU for information security risk management and assurance activities.

The tool will be used to record all risks above risk appetite, track actions and communicate with risk owners and action owners.

The tool will be used to record all FCDOs systems and services, their assurance status, outstanding tasks and send reminders to users for system reviews.

Functional requirements (for the tool) • Centrally capture information security risks, security vulnerabilities, audit findings, regulatory obligations and other issues across technology infrastructure • Centrally capture a set of IT systems and services and their assurance status • A mechanism for reporting to colleagues as well as up to board level • Up to 50 users (but should be scalable) with varying access requirements (e.g. those reviewing risks, those reviewing assurance) Non-functional • Tool platform should be subject to a recognised security certification (ISO/IEC 27001:2013 / Cyber Essentials or equivalent) • Minimum of SC clearance for all individuals accessing sensitive FCDO information and data • Tool vendor must have an annual IT Health Check performed by a certified CHECK company • Support multi-factor authentication and single sign on • Compliant with data protection legislation • Documented threat management processes and tools • Ability to integrate with FCDO incident management processes and procedures • Follows NCSC good cloud security principles and guidance (https://www.ncsc.gov.uk/collection/cloud-security) • Named UK data centre, with all processing capability and call centre support within UK and EU • Return To Operation (RTO) time should be no more than 24 hours and Return Point Objectives (RPO) time no more than 1 hour Implementation & Training • Bidders will be asked to demonstrate a minimum viable product (MVP) as part of any procurement and be potentially able to deploy into a live environment within 3 months of contract • Throughout implementation, the tool platform should be tailored as appropriate for the business needs of the FCDO • Capability to supply end-to-end training on the tool platform, including train the trainer and comprehensive documentation Maintenance, support, system updates • Provide support for end users • Ensure the platform is kept up-to-date, patching should be maintained at N-1

Key requirements

What the supplier must deliver

01

FCDO are looking to a third party

FCDO are looking to a third party to introduce and implement a new GRC tool to be used by ICSU for information security risk management and assurance activities.

02

Up to 50 users (but should

Up to 50 users (but should be scalable) with varying access requirements (e.g. those reviewing risks, those reviewing assurance).

03

Tool platform should be subject to

Tool platform should be subject to a recognised security certification (ISO/IEC 27001:2013 / Cyber Essentials or equivalent).

04

Tool vendor must have an annual IT

Tool vendor must have an annual IT Health Check performed by a certified CHECK company.

05

Support multi-factor authentication and single sign on

Support multi-factor authentication and single sign on.

Derived from the notice text — always confirm against the original documents.

What this bid requires

Skills, tools & certifications

Detected from the notice — the capabilities and credentials this bid calls for. Click one to see who wins that work.

Buyer intelligence

Make the case to bid

Reveal who to approach at Foreign Commonwealth and Development Office, and generate a go-to-market strategy from their news, accounts and people.

Source & provenance
OCID
ocds-h6vhtk-032e86
Stage
planning · Open
Source
Find a Tender
Buyer ref
010218-2022
View the original notice on Find a Tender

Contains public sector information licensed under the Open Government Licence v3.0. Source data © Crown copyright.

Market context

Who wins this kind of work

The suppliers and buyers around this opportunity — drawn from official award data. Drag to orbit; click a node to explore.

Top suppliers & buyers in Software & IT Systems

Assembling the market network…

Foreign Commonwealth and Development Office’s tender network

Assembling the network…

Also open now

Similar open tenders

Provision of Mobile Voice & Data Services- BCH

The Police and Crime Commissioner for Bedfordshire Police, Cambridgeshire Constabulary, and Hertfordshire Constabulary (BCH)

Closes 24 Jul 2026Software & IT Systems
£1.5mValue

Provision of Intelligence/Telecommunications Digital Evidence Software

The Police and Crime Commissioner for Nottinghamshire

Closes 20 Jul 2026Software & IT Systems
£620kValue