The provision of a GRC platform to manage its current Cyber Risk, Enterprise Risk, Audit & Compliance, Third Party and Document/Policy Management requirements.

Project goals

To implement a solution that:

• Ensures consistent adherence to evolving regulatory requirements and industry standards through automated compliance checks and notifications.
• Minimises the risk of human error through automated data validation
• Consolidates all relevant information into a single, easily accessible platform,
• Enhances data integrity and accuracy through version control and audit trails
• Facilitates efficient search and retrieval of information, reducing time spent on manual data gathering and improving overall productivity.
• Enables and facilitates the management of full lifecycle of risk within the organization.
• Generates accurate, timely, and customisable reports for both internal stakeholders (e.g., senior management, board of directors) and external regulators

Scope

• Vendor is required to deliver architecture design, including data model, process diagrams, and integration points for the GRC solution at the implementation stage
• At the customisation and integration stage, Vendor is expected to deliver configuration plans for customisation and integration specification.
• At the implementation and customisation stage, the vendor is expected to provide test plans and results for system integration, user acceptance, and performance testing. Vendor is also expected to deliver role-based training documentation and user guides for the configured GRC solution.
• At the customisation stage, the vendor is expected to provide templates and configurations for required reports and dashboards, including risk heat maps and compliance posture reports. Furthermore, vendor is expected to provide documentation on configured workflows and automation rules.
• At the final implementation phase, Vendor is required to deliver the final configured and tested GRC solution in the production environment.
• Following completion of implementation, Vendor is required to provide a detailed plan for ongoing support, including refresher training and system maintenance