Section one: Contracting authority
one.1) Name and addresses
Foreign Commonwealth and Development Office
King Charles Street
London
SW1A 2AH
Telephone
+44 2070080932
Country
United Kingdom
NUTS code
UK - United Kingdom
Internet address(es)
Main address
https://www.gov.uk/government/organisations/foreign-commonwealth-development-office
one.2) Information about joint procurement
The contract is awarded by a central purchasing body
one.3) Communication
Additional information can be obtained from the above-mentioned address
Tenders or requests to participate must be submitted electronically via
https://www.gov.uk/government/organisations/foreign-commonwealth-development-office
Tenders or requests to participate must be submitted to the above-mentioned address
one.4) Type of the contracting authority
Ministry or any other national or federal authority
one.5) Main activity
General public services
Section two: Object
two.1) Scope of the procurement
two.1.1) Title
Provision of a Governance Risk Compliance Tool
Reference number
CPG/7899/2022
two.1.2) Main CPV code
- 48730000 - Security software package
two.1.3) Type of contract
Supplies
two.1.4) Short description
FCDO are looking to a third party to introduce and implement a new GRC tool to be used by ICSU for information security risk management and assurance activities. The tool will be used to record all risks above risk appetite, track actions and communicate with risk owners and action owners. The tool will be used to record all FCDOs systems and services, their assurance status, outstanding tasks and send reminders to users for system reviews.
Functional requirements (for the tool)
• Centrally capture information security risks, security vulnerabilities, audit findings, regulatory obligations and other issues across technology infrastructure
• Centrally capture a set of IT systems and services and their assurance status
• A mechanism for reporting to colleagues as well as up to board level
• Up to 50 users (but should be scalable) with varying access requirements (e.g. those reviewing risks, those reviewing assurance)
Non-functional
• Tool platform should be subject to a recognised security certification (ISO/IEC 27001:2013 / Cyber Essentials or equivalent)
• Minimum of SC clearance for all individuals accessing sensitive FCDO information and data
• Tool vendor must have an annual IT Health Check performed by a certified CHECK company
• Support multi-factor authentication and single sign on
• Compliant with data protection legislation
• Documented threat management processes and tools
• Ability to integrate with FCDO incident management processes and procedures
• Follows NCSC good cloud security principles and guidance (https://www.ncsc.gov.uk/collection/cloud-security)
• Named UK data centre, with all processing capability and call centre support within UK and EU
• Return To Operation (RTO) time should be no more than 24 hours and Return Point Objectives (RPO) time no more than 1 hour
Implementation & Training
• Bidders will be asked to demonstrate a minimum viable product (MVP) as part of any procurement and be potentially able to deploy into a live environment within 3 months of contract
• Throughout implementation, the tool platform should be tailored as appropriate for the business needs of the FCDO
• Capability to supply end-to-end training on the tool platform, including train the trainer and comprehensive documentation
Maintenance, support, system updates
• Provide support for end users
• Ensure the platform is kept up-to-date, patching should be maintained at N-1
two.1.6) Information about lots
This contract is divided into lots: No
two.2) Description
two.2.2) Additional CPV code(s)
- 48730000 - Security software package
two.2.3) Place of performance
NUTS codes
- UK - United Kingdom
two.2.4) Description of the procurement
Detail provided in section II.1.4 is not an exhaustive list of requirements.
The Authority requests notes of interest in a potential procurement exercise within fifteen (15) working days of the publication of this notice.
At the expiry of this deadline, the Authority will commence pre-tender engagement with interested suppliers, which may involve, but will not be limited to; disclosure of the work in progress requirement set, demonstration of supplier offerings and review of potential
contractual arrangements.
two.2.13) Information about European Union Funds
The procurement is related to a project and/or programme financed by European Union funds: No
Section four. Procedure
four.1) Description
four.1.1) Type of procedure
Restricted procedure
four.1.8) Information about the Government Procurement Agreement (GPA)
The procurement is covered by the Government Procurement Agreement: Yes
four.2) Administrative information
four.2.2) Time limit for receipt of expressions of interest
Date
10 May 2022
Local time
5:00pm
four.2.4) Languages in which tenders or requests to participate may be submitted
English
Section six. Complementary information
six.3) Additional information
This notice is for information only.
The Contracting Authority may or may not subsequently publish a formal contract
opportunity notice in the future.
The Contracting Authority may, without prejudice, use feedback from the responses and demos to help inform the development of the potential requirement.
six.4) Procedures for review
six.4.1) Review body
High Royal courts of Justice
London
Country
United Kingdom