Governance, Risk and Compliance (GRC) System

FSCS are seeking to procure a Governance, Risk and Compliance (GRC) system to help facilitate the embedment of its Enterprise Risk Management Framework (ERMF). FSCS's ERMF is intended to align the management of the organisation's risks with the ISO31000 Risk Management standard and the FSCS corporate strategy. The GRC system must support the end to end risk management process, automating notifications and tasks relating to risk management activities, providing improved reporting and analytics and delivering an improved user experience.

The GRC system must meet the following minimum capabilities:

•enterprise risk and control data management,
•risk assurance,
•control assessment,
•configure custom data fields,
•change control and versioning
•task management, workflow and notifications,
•permissions management
•reporting and analytics
•business metrics
•risk event management
•data migration

Part of minimum requirements for this procurement is that tenderers bids are within FSCS maximum budget of £120,000 for the initial 3-year contract term for this procurement. Bids priced above £120,000 will not be considered for further evaluation and will be disqualified.

In addition to meeting the Enterprise Risk Management Framework requirements, additional 'secondary' requirements have also been identified in relation to functions including Project Management Office (PMO), Information Technology (IT), Information Security, Legal Compliance and Third-Party Risk. FSCS would like to understand the proposal for if, and consequentially how, the winning Tenderer's GRC system could meet these broader requirements to determine whether to increase the scope of the tool to facilitate these additional teams' needs.