A SAP Governance, Risk and Compliance (GRC) Solution Reference number: WA02642

Concepts

• sap
• risk management
• software package
• seascale
• sap user access management
• sap governance
• sap erp system
• sap competency centre
• grc
• solution reference number

Location

Description

The scope of this requirement is for a GRC (governance, risk management and compliance) solution for SAP ERP System to help manage compliance and remove/mitigate risks on an ongoing basis. The current process for SAP User Access management, Human Capital Management (HCM) and non-HCM Segregation of Duties (SoD), Emergency Access Management and Role Management are manual paper-based processes managed by BUC's (Business User Controllers) and the SAP Competency Centre. Checking for compliance and segregation of duties is very limited and the business does not have the skills to maintain the matrices at this level on a manual basis due to the complexity of SAP Authorisations.

CPV Codes

• 48000000 - Software package and information systems
• 72200000 - Software programming and consultancy services

Other Information

BACKGROUND - LANDSCAPE Sellafield has been nearly 80 years in the making. A pioneer for the UK's nuclear industry, it supported national defence, generated electricity for nearly half a century, and developed the ability to safely manage nuclear waste. Each chapter of Sellafield's history delivered great benefit for the country while creating a complex nuclear clean-up challenge for which there are no blueprints. Today, Sellafield covers 6 square kilometres and is home to more than 200 nuclear facilities and the largest inventory of untreated nuclear waste in the world. From cleaning-up the country's highest nuclear risks and hazards to safeguarding nuclear fuel, materials and waste, our mission is nationally important. Our purpose is to keep Sellafield safe and secure, cleaning-up the site to a defined end state. The purpose of this PIN is to understand the capability and capacity of the SAP GRC market. This information will then be used to help determine Sellafield's overall approach and any future acquisition strategy in relation to SAP GRC. Interested parties are requested to provide information on how your Company could provide part or all of the technology required. The tool will enable Sellafield to: - manage regulations and compliance and remove or mitigate any risk in managing key operations. - develop an integrated and centralised approach to GRC which makes the most of automations to ensure that the cost of managing a GRC solution is reduced whilst significantly improving operational effectiveness and value. - demonstrate resilience in managing overall governance, risk management and compliance with regulations, for example, GDPR. Interested parties should refer to the Addition Information section VI.3) in this notice which details the response requirements of this PIN. The priority areas are: • Access Request Management • Segregation of Duties • User Access Reviews • User Behaviour Profiling • Role Management • Emergency Access • Licence Optimisation/Compliance • GDPR Compliance • Audit Compliance • Monitoring/Analytics • Future proofing for S/4 HANA for role migration/testing