Provision of a Cyber Security Governance Risk & Compliance Solution

Description

The Cabinet Office requires a Governance, Risk, and Compliance (GRC) tool to enhance its cyber risks and compliance requirements. The tool will enable clear tracking of governance activities, risks and ensure alignment with departmental objectives. Ultimately, this will promote more efficient and well-managed digital services across the department.

Overarching requirements:
Centralised management: Must provide a single platform to record, track, and manage governance activities, risks, and compliance tasks. While the immediate focus is on cyber risks, the ability to serve as a consolidated enterprise risk management tool is also highly valued.

Self- service reporting: Should offer dashboards and reports for up-to-date visibility for stakeholders and senior management. service reporting: Should offer dashboards and reports for up-to-date visibility for stakeholders and senior management.

Risk Assessment and Tracking: Ability to identify, assess, and monitor risks as well as controls with options for categorisation and prioritisation.

Policy and Compliance Monitoring: Support for capturing and auditing compliance with relevant policies, regulations, and standards.