The Contracting Entity intends to procure a framework agreement for the provision of implementation, Licencing, Support and Maintenance services, for an integrated Governance, Risk & Compliance (GRC) SaaS solution.
Background
The integrated GRC solution will enable simplification, automation and integration of ESB’s Governance, Risk and Compliance activities. These will include the following:
1. Enterprise Risk Management
2. Governance, Internal Control & Operational Risk Management
3. IT Risk Management
4. Cyber Security Risk Management
5. Policy Management
6. Third party Cyber Security Risk Management
7. Business Continuity Management
8. Audit Management
9. Incident and investigation management and reporting
10. Ethics Management & Compliance Management (This is an optional capability)
Full details contained in the Pre-Qualification Questionnaire document: Section A.1.1 General Description of the Proposed Contract
Deadline
The time limit for receipt of tenders was 2022-09-09.
The procurement was published on 2022-07-27.
Object Scope of the procurement
Title: Integrated Governance, Risk &Compliance (GRC) SaaS Solution
SS\CON\6514
Products/services: IT services: consulting, software development, Internet and support📦
Short description:
“The Contracting Entity intends to procure a framework agreement for the provision of implementation, Licencing, Support and Maintenance services, for an...”
Short description
The Contracting Entity intends to procure a framework agreement for the provision of implementation, Licencing, Support and Maintenance services, for an integrated Governance, Risk & Compliance (GRC) SaaS solution.
Background
The integrated GRC solution will enable simplification, automation and integration of ESB’s Governance, Risk and Compliance activities. These will include the following:
1. Enterprise Risk Management
2. Governance, Internal Control & Operational Risk Management
3. IT Risk Management
4. Cyber Security Risk Management
5. Policy Management
6. Third party Cyber Security Risk Management
7. Business Continuity Management
8. Audit Management
9. Incident and investigation management and reporting
10. Ethics Management & Compliance Management (This is an optional capability)
Full details contained in the Pre-Qualification Questionnaire document: Section A.1.1 General Description of the Proposed Contract
Show more Information about lots
Tenders may be submitted for maximum number of lots: 5
Scope of the procurement
The contracting authority reserves the right to award contracts combining the following lots or groups of lots:
“ESB is initially seeking to procure a fully integrated IT solution in the form of SaaS, that ideally will consist of all of the 5 lots.
However, depending...”
The contracting authority reserves the right to award contracts combining the following lots or groups of lots
ESB is initially seeking to procure a fully integrated IT solution in the form of SaaS, that ideally will consist of all of the 5 lots.
However, depending on the evaluation of Responses to the Tender, a contract may be awarded for a solution of fewer than 5 lots, in any combination or potentially for none of the lots.
1️⃣ Scope of the procurement
Title: Business-wide Governance Risk & Compliance (GRC)
Title
Lot Identification Number: 1
Description
Additional products/services: IT services: consulting, software development, Internet and support📦
Place of performance: Éire/Ireland🏙️
Description of the procurement:
“A scalable integrated SaaS solution to support end-to-end standard GRC processes to include at least the following:
a. “Governance”...”
Description of the procurement
A scalable integrated SaaS solution to support end-to-end standard GRC processes to include at least the following:
a. “Governance” monitoring:
· Attestation process capability to include:
· automatic workflows; summary view (dashboard) of attestation responses (different levels);
· ability to attach, (associate) documents incl. Risk and Control/Treatment Registers to workflows
· attestation metrics (no. of responses within date range, non-respondents etc.)
· capability to run multiple attestations simultaneously
· An easily accessible library of relevant company policies / procedures / processes / role documentation and related documents
· ethics management (optional)
b. Enterprise Risk Management process:
· capturing risks and Controls/Treatments throughout the organisation and cascading upwards & providing summary views;
· an Enterprise-Level “Principal/Strategic Risk” process, supporting the updating/attestations to updates of Principle Risks (automatic workflows, dashboards etc.)
· Metrics on individual Risks, Risk ranking, Mitigations/Controls, Residual Risks and Assurance, Risk and Control Owners; also providing an integrated view of multiple instances and interdependencies
· automatic workflows; summary view of completions and reviews/sign-offs
· Incident management, escalation and reporting
· Incident data uploading capability
c. Compliance (optional)– support for Legal/Regulation/Policy Compliance assurance processes –
· capture of Compliance Risk universe and ranking;
· compliance policies & policy management;
· compliance assurance processes and associated timelines/ cycle frequency;
· compliance reporting functionality;
· Compliance Test Plan
· automatic workflows; summary view of completions and reviews/signoffs
Show more Award criteria
Price is not the only award criterion and all criteria are stated only in the procurement documents
Duration of the contract, framework agreement or dynamic purchasing system
The time frame below is expressed in number of months.
Description
Duration: 60
Information about the limits on the number of candidates to be invited
Envisaged number of candidates: 5
Information about options
Options ✅
Description of options:
“It is envisaged the term of the contract commences on the date when services commence and shall be for a period of up to 60 months with one optional 36...”
Description of options
It is envisaged the term of the contract commences on the date when services commence and shall be for a period of up to 60 months with one optional 36 month extension, and one further optional 24 month extension for a maximum contract of 120 months subject to satisfactory performance. The agreement will be subject to regular operational review.
Show more Description
Additional information:
“Please consult the associated documentation, which contains full instructions
regarding the submission of responses and is available to download...”
Additional information
Please consult the associated documentation, which contains full instructions
regarding the submission of responses and is available to download from
www.etenders.gov.ie using RFT ID 219315
2️⃣ Scope of the procurement
Title: Audit Management & Fraud Incident Management
Title
Lot Identification Number: 2
Description
Description of the procurement:
“• Audit Management System to manage and automate audit process workflow, including workpaper documentation, issue tracking and reporting for third line...”
Description of the procurement
• Audit Management System to manage and automate audit process workflow, including workpaper documentation, issue tracking and reporting for third line internal audit and second line audit functions.
• The solution should cater for multiple audit functions (both second and third line) to separately manage and have a segregated view of their audit activities for each of the following use cases:
o Audit Universe Management
o Audit Plan Scheduling & Resourcing
o Individual Audit Planning and Execution
o Automated Issue/Action Tracking & Follow up
o Dashboard, KPI and Ad-hoc Reporting and Analysis
• Incident Management & Reporting system to centrally track and report on highly confidential information relating to incidents and associated investigations of suspected fraud and protected disclosures across multiple separate business functions.
3️⃣ Scope of the procurement
Title: Cyber Security Risk, Third Party & Policy Compliance Management
Title
Lot Identification Number: 3
Description
Description of the procurement:
“(i) A scalable integrated Cybersecurity Risk Management solution to support and deliver cybersecurity risk assessments, cybersecurity policy management and...”
Description of the procurement
(i) A scalable integrated Cybersecurity Risk Management solution to support and deliver cybersecurity risk assessments, cybersecurity policy management and compliance & third-party cybersecurity risk management (TPCRM)
(ii) The Integrated Cybersecurity Risk Management solution will provide KPI monitoring/reporting, scorecards and dashboards, external data integration and performance metrics
(iii) The requirement is to support and deliver the Integrated Risk Management solution across the following use cases
o Cybersecurity risk management & assessments
Provide a standard library for the selection of standard cybersecurity control frameworks
o Cybersecurity policy management including:
Policy lifecycle management
Policy exemption management
Policy attestations
o Third party cybersecurity risk management & assessments including:
Integration with a provided external 3rd party cybersecurity ratings services to support ongoing third-party risk screening
Cybersecurity compliance assessments based on industry standard cybersecurity frameworks
4️⃣ Scope of the procurement
Title: Business Continuity Management / Business Impact Assessment
Title
Lot Identification Number: 4
Description
Description of the procurement:
“The tool will provide the following:
• Business Impact Assessments, Continuity Risk assessments
• Business Continuity & Crisis Management Plans
• Ability to...”
Description of the procurement
The tool will provide the following:
• Business Impact Assessments, Continuity Risk assessments
• Business Continuity & Crisis Management Plans
• Ability to map Interdependencies
• Enable the planning Exercises & Tests-helps to validate the plan content and identify weaknesses and areas for improvement before a real disaster occurs.
• Dash Board and Reporting KPIs
• We may at some future point seek Emergency Mass Notification System (EMNS) capability, but we do not intend to score based on this capability (Optional)
5️⃣ Scope of the procurement
Title: IT Governance & Risk Management
Title
Lot Identification Number: 5
Description
Description of the procurement:
“• The IT Risk Management Software System solution is required to deliver the following capabilities:
• The Integrated Risk Management software solution will...”
Description of the procurement
• The IT Risk Management Software System solution is required to deliver the following capabilities:
• The Integrated Risk Management software solution will provide KPI monitoring/reporting, scorecards and dashboards, external data integration and performance metrics for IT risk
• The Integrated Risk Management software product must be a cloud-based SaaS and be fully scalable (for future expansion if necessary), e.g., the system must be able to cater for an increase in users, volumes of users logged in concurrently, and increasing data storage or processing power as required in future
• The requirement is to support and deliver the Integrated Risk Management solution across the following:
• Overall IT Risk Management
• IT Activity/Process Risk management
• Cybersecurity risk management (as above)
• Policy Management
• Compliance Risk Management
Legal, economic, financial and technical information Conditions for participation
List and brief description of conditions:
“As stated in Procurement Qualification Questionnaire (PQQ) available to download from www.etenders.gov.ie using RFT ID 219315” Economic and financial standing
Selection criteria as stated in the procurement documents
Technical and professional ability
List and brief description of selection criteria:
“As stated in Procurement Qualification Questionnaire (PQQ) available to download from www.etenders.gov.ie using RFT ID 219315”
Procedure Type of procedure
Negotiated procedure with prior call for competition
Information about a framework agreement or a dynamic purchasing system
Framework agreement with a single operator
Information about reduction of the number of solutions or tenders during negotiation or dialogue
Recourse to staged procedure to gradually reduce the number of solutions to be discussed or tenders to be negotiated
Administrative information
Time limit for receipt of tenders or requests to participate: 2022-09-09
12:00 📅
Languages in which tenders or requests to participate may be submitted: English 🗣️
The time frame below is expressed in number of months.
Minimum time frame during which the tenderer must maintain the tender: 12
Complementary information Additional information
“1) It is our intention to use the Irish Government Procurement portal
(www.etenders.gov.ie) for this competition. Access to this Portal is free of
charge....”
1) It is our intention to use the Irish Government Procurement portal
(www.etenders.gov.ie) for this competition. Access to this Portal is free of
charge. Interested parties must formally register their expression of interest for
this competition on eTenders before they can gain access to the PQQ
documentation. All information relating to and including the pre-qualification
documents, any clarifications and changes will be issued/published via this portal. The contracting entity will not accept responsibility for information relayed
(or not relayed) via third parties 2) This is the sole call for competition for this
service. 3) The contracting entity will not be responsible for any costs, charges
or expenses incurred by candidates or tenderers. 4) Contract award will be
subject to the approval of the competent authorities. 5) It will be a condition of
award that candidates are tax compliant. 6) If for any reason it is not possible to
admit to the framework agreement one or more of the tenderers invited following
the conclusion of this competitive process, or having awarded a contract under
the framework agreement, the contracting entity reserves the right to invite the
next highest scoring tenderer to join the framework agreement and/or deliver the
contract as appropriate to the circumstances pertaining to the framework. 7) At
its absolute discretion, the contracting entity may elect to terminate this
procurement process, the framework agreement or any contract awarded under
the framework agreement at any time. 8) Please note in relation to all
documents, that where reference is made to a particular standard, make,
source, process, trademark, type or patent, that this is not to be regarded as a
de facto requirement. In all such cases it should be understood that such
indications are to be treated strictly and solely for reference purposes only, to
which the words "or equivalent" will always be appended. 9) Without prejudice to
the principle of equal treatment, the contracting entity is not obliged to engage in
a clarification process in respect of questionnaires with missing or incomplete
information. Therefore, candidates are advised to ensure that they return fully
completed questionnaires in order to avoid the risk of elimination from the
competition. 10) At Section II.2.9 we have indicated that 5 will be invited to
tender, please note that the contracting entity reserves the right to invite at least
5 subject to that number qualifying.
Show more Review body
Name: Chief Registrar
Postal address: Four Courts, Inns Quay
Postal town: Dublin 7
Country: Ireland 🇮🇪
Phone: +353 18886000📞
URL: http://www.courts.ie🌏 Body responsible for mediation procedures
Name: Not Applicable
Postal town: Dublin
Country: Ireland 🇮🇪 Review procedure
Precise information on deadline(s) for review procedures:
“Precise information on deadline(s) for review procedures:
The Contracting Entity will not conclude this contract until after the expiry of the
standstill...”
Precise information on deadline(s) for review procedures
Precise information on deadline(s) for review procedures:
The Contracting Entity will not conclude this contract until after the expiry of the
standstill period which commences on the day following the date of notification
of concerned tenderers. Review procedures are available in the High Court to a
person who has or has had an interest in obtaining the contract and alleges that he or she has been harmed or is at risk of being harmed by an infringement of
the law in relation to that framework contract.
Show more Service from which information about the review procedure may be obtained
Name: Consult a legal advisor
Postal town: Dublin
Country: Ireland 🇮🇪
Source: OJS 2022/S 146-419257 (2022-07-27)
Additional information (2022-09-06)
Complementary information Original notice reference
Notice number in the OJ S: 2022/S 146-419257
Changes Text to be corrected in the original notice
Section number: IV.2.2
Place of text to be modified: Time limit for receipt of tenders or requests to participate
Old value
Date: 2022-09-09 📅
Time: 12:00
New value
Date: 2022-09-23 📅
Time: 12:00
Source: OJS 2022/S 174-494083 (2022-09-06)