Electricity Supply Board ( ESB )

N/A

27 Fitzwilliam Street Lower

Dublin

Dublin

IE

[Contactpoint]: Stephen Lawton

[AddressPhone]: +353 17026836

[AddressEmail]: stephen.lawton@esb.ie

[UrlGeneral]: http://www.esb.ie

[UrlBuyerprofile]: https://irl.eu-supply.com/ctm/Company/CompanyInformation/Index/377

[JointProcurementCentral]

[AddressObtainDocs]:  

[AddressFurtherinfo]

[AsContactsAbove]:  

[AddressSendTendersRequest]

[AddressSendTenders]:  http://irl.eu-supply.com/app/rfq/rwlentrance_s.asp?PID=219672&B=ETENDERS_SIMPLE

[AddressSendTendersRequest]

[AddressToAbove]

[MainactivElectricity]

Integrated Governance, Risk &Compliance (GRC) SaaS Solution

[Fileref]:  SS\CON\6514

The Contracting Entity intends to procure a framework agreement for the provision of implementation, Licencing, Support and Maintenance services, for an integrated Governance, Risk & Compliance (GRC) SaaS solution.
Background
The integrated GRC solution will enable simplification, automation and integration of ESB’s Governance, Risk and Compliance activities. These will include the following:
1. Enterprise Risk Management
2. Governance, Internal Control & Operational Risk Management
3. IT Risk Management
4. Cyber Security Risk Management
5. Policy Management
6. Third party Cyber Security Risk Management
7. Business Continuity Management
8. Audit Management
9. Incident and investigation management and reporting
10. Ethics Management & Compliance Management (This is an optional capability)
Full details contained in the Pre-Qualification Questionnaire document: Section A.1.1 General Description of the Proposed Contract

[LotsSubmittedFor]  [LotsMax]: 5

[LotsCombinationPossible]:  

Business-wide Governance Risk & Compliance (GRC)

[LotNumber]:  1

A scalable integrated SaaS solution to support end-to-end standard GRC processes to include at least the following:
a. “Governance” monitoring:
· Attestation process capability to include:
· automatic workflows; summary view (dashboard) of attestation responses (different levels);
· ability to attach, (associate) documents incl. Risk and Control/Treatment Registers to workflows
· attestation metrics (no. of responses within date range, non-respondents etc.)
· capability to run multiple attestations simultaneously
· An easily accessible library of relevant company policies / procedures / processes / role documentation and related documents
· ethics management (optional)
b. Enterprise Risk Management process:
· capturing risks and Controls/Treatments throughout the organisation and cascading upwards & providing summary views;
· an Enterprise-Level “Principal/Strategic Risk” process, supporting the updating/attestations to updates of Principle Risks (automatic workflows, dashboards etc.)
· Metrics on individual Risks, Risk ranking, Mitigations/Controls, Residual Risks and Assurance, Risk and Control Owners; also providing an integrated view of multiple instances and interdependencies
· automatic workflows; summary view of completions and reviews/sign-offs
· Incident management, escalation and reporting
· Incident data uploading capability
c. Compliance (optional)– support for Legal/Regulation/Policy Compliance assurance processes –
· capture of Compliance Risk universe and ranking;
· compliance policies & policy management;
· compliance assurance processes and associated timelines/ cycle frequency;
· compliance reporting functionality;
· Compliance Test Plan
· automatic workflows; summary view of completions and reviews/signoffs

[RenewalsSubject]: [No]

[OptionsDescr]:

Please consult the associated documentation, which contains full instructions
regarding the submission of responses and is available to download from
www.etenders.gov.ie using RFT ID 219315

Audit Management & Fraud Incident Management

[LotNumber]:  2

• Audit Management System to manage and automate audit process workflow, including workpaper documentation, issue tracking and reporting for third line internal audit and second line audit functions.
• The solution should cater for multiple audit functions (both second and third line) to separately manage and have a segregated view of their audit activities for each of the following use cases:
o Audit Universe Management
o Audit Plan Scheduling & Resourcing
o Individual Audit Planning and Execution
o Automated Issue/Action Tracking & Follow up
o Dashboard, KPI and Ad-hoc Reporting and Analysis
• Incident Management & Reporting system to centrally track and report on highly confidential information relating to incidents and associated investigations of suspected fraud and protected disclosures across multiple separate business functions.

[RenewalsSubject]: [No]

[OptionsDescr]:

Please consult the associated documentation, which contains full instructions
regarding the submission of responses and is available to download from
www.etenders.gov.ie using RFT ID 219315

Cyber Security Risk, Third Party & Policy Compliance Management

[LotNumber]:  3

(i) A scalable integrated Cybersecurity Risk Management solution to support and deliver cybersecurity risk assessments, cybersecurity policy management and compliance & third-party cybersecurity risk management (TPCRM)
(ii) The Integrated Cybersecurity Risk Management solution will provide KPI monitoring/reporting, scorecards and dashboards, external data integration and performance metrics
(iii) The requirement is to support and deliver the Integrated Risk Management solution across the following use cases
o Cybersecurity risk management & assessments
 Provide a standard library for the selection of standard cybersecurity control frameworks
o Cybersecurity policy management including:
 Policy lifecycle management
 Policy exemption management
 Policy attestations
o Third party cybersecurity risk management & assessments including:
 Integration with a provided external 3rd party cybersecurity ratings services to support ongoing third-party risk screening
 Cybersecurity compliance assessments based on industry standard cybersecurity frameworks

[RenewalsSubject]: [No]

[OptionsDescr]:

Please consult the associated documentation, which contains full instructions
regarding the submission of responses and is available to download from
www.etenders.gov.ie using RFT ID 219315

Business Continuity Management / Business Impact Assessment

[LotNumber]:  4

The tool will provide the following:
• Business Impact Assessments, Continuity Risk assessments
• Business Continuity & Crisis Management Plans
• Ability to map Interdependencies
• Enable the planning Exercises & Tests-helps to validate the plan content and identify weaknesses and areas for improvement before a real disaster occurs.
• Dash Board and Reporting KPIs
• We may at some future point seek Emergency Mass Notification System (EMNS) capability, but we do not intend to score based on this capability (Optional)

[RenewalsSubject]: [No]

[OptionsDescr]:

Please consult the associated documentation, which contains full instructions
regarding the submission of responses and is available to download from
www.etenders.gov.ie using RFT ID 219315

IT Governance & Risk Management

[LotNumber]:  5

• The IT Risk Management Software System solution is required to deliver the following capabilities:
• The Integrated Risk Management software solution will provide KPI monitoring/reporting, scorecards and dashboards, external data integration and performance metrics for IT risk
• The Integrated Risk Management software product must be a cloud-based SaaS and be fully scalable (for future expansion if necessary), e.g., the system must be able to cater for an increase in users, volumes of users logged in concurrently, and increasing data storage or processing power as required in future
• The requirement is to support and deliver the Integrated Risk Management solution across the following:
• Overall IT Risk Management
• IT Activity/Process Risk management
• Cybersecurity risk management (as above)
• Policy Management
• Compliance Risk Management

[RenewalsSubject]: [No]

[OptionsDescr]:

Please consult the associated documentation, which contains full instructions
regarding the submission of responses and is available to download from
www.etenders.gov.ie using RFT ID 219315

[InfoEvaluatingRequir]:  As stated in Procurement Qualification Questionnaire (PQQ) available to download from www.etenders.gov.ie using RFT ID 219315

[CriteriaSelectionDocs]

[InfoEvaluatingWethRequir]:  

[FrameworkSingle]

[Date]:  09/09/2022

[Time]:  12:00

[DurationMonths] : 12  ([FromStatedDate])

1) It is our intention to use the Irish Government Procurement portal
(www.etenders.gov.ie) for this competition. Access to this Portal is free of
charge. Interested parties must formally register their expression of interest for
this competition on eTenders before they can gain access to the PQQ
documentation. All information relating to and including the pre-qualification
documents, any clarifications and changes will be issued/published via this portal. The contracting entity will not accept responsibility for information relayed
(or not relayed) via third parties 2) This is the sole call for competition for this
service. 3) The contracting entity will not be responsible for any costs, charges
or expenses incurred by candidates or tenderers. 4) Contract award will be
subject to the approval of the competent authorities. 5) It will be a condition of
award that candidates are tax compliant. 6) If for any reason it is not possible to
admit to the framework agreement one or more of the tenderers invited following
the conclusion of this competitive process, or having awarded a contract under
the framework agreement, the contracting entity reserves the right to invite the
next highest scoring tenderer to join the framework agreement and/or deliver the
contract as appropriate to the circumstances pertaining to the framework. 7) At
its absolute discretion, the contracting entity may elect to terminate this
procurement process, the framework agreement or any contract awarded under
the framework agreement at any time. 8) Please note in relation to all
documents, that where reference is made to a particular standard, make,
source, process, trademark, type or patent, that this is not to be regarded as a
de facto requirement. In all such cases it should be understood that such
indications are to be treated strictly and solely for reference purposes only, to
which the words "or equivalent" will always be appended. 9) Without prejudice to
the principle of equal treatment, the contracting entity is not obliged to engage in
a clarification process in respect of questionnaires with missing or incomplete
information. Therefore, candidates are advised to ensure that they return fully
completed questionnaires in order to avoid the risk of elimination from the
competition. 10) At Section II.2.9 we have indicated that 5 will be invited to
tender, please note that the contracting entity reserves the right to invite at least
5 subject to that number qualifying.

Chief Registrar

Four Courts, Inns Quay

Dublin 7

IE

[AddressPhone]: +353 18886000

[Internet]: http://www.courts.ie

Not Applicable

Dublin

IE

Precise information on deadline(s) for review procedures:
Precise information on deadline(s) for review procedures:
The Contracting Entity will not conclude this contract until after the expiry of the
standstill period which commences on the day following the date of notification
of concerned tenderers. Review procedures are available in the High Court to a
person who has or has had an interest in obtaining the contract and alleges that he or she has been harmed or is at risk of being harmed by an infringement of
the law in relation to that framework contract.

Consult a legal advisor

Dublin

IE