Supply SAP GRC Solution to Sellafield

Supply SAP GRC Solution to Sellafield

The scope of this requirement is for a GRC (governance, risk management and compliance) solution for SAP ERP System.

A SAP Governance, Risk and Compliance (GRC) Solution Reference number: WA02642

Contract summary



  • Software package and information systems – 48000000
  • Software programming and consultancy services – 72200000

Location of contract

North West

Procurement reference

CTM RFT 12965

Published date

18 February 2021

Closing date

3 March 2021

Contract is suitable for SMEs?


Contract is suitable for VCSEs?





The scope of this requirement is for a GRC (governance, risk management and compliance) solution for SAP ERP System to help manage compliance and remove/mitigate risks on an ongoing basis.
The current process for SAP User Access management, Human Capital Management (HCM) and non-HCM Segregation of Duties (SoD), Emergency Access Management and Role Management are manual paper-based processes managed by BUC’s (Business User Controllers) and the SAP Competency Centre. Checking for compliance and segregation of duties is very limited and the business does not have the skills to maintain the matrices at this level on a manual basis due to the complexity of SAP Authorisations.


More information


Additional text
Sellafield has been nearly 80 years in the making. A pioneer for the UK’s nuclear industry, it supported national defence, generated electricity for nearly half a century, and developed the ability to safely manage nuclear waste. Each chapter of Sellafield’s history delivered great benefit for the country while creating a complex nuclear clean-up challenge for which there are no blueprints.
Today, Sellafield covers 6 square kilometres and is home to more than 200 nuclear facilities and the largest inventory of untreated nuclear waste in the world. From cleaning-up the country’s highest nuclear risks and hazards to safeguarding nuclear fuel, materials and waste, our mission is nationally important. Our purpose is to keep Sellafield safe and secure, cleaning-up the site to a defined end state.
The purpose of this PIN is to understand the capability and capacity of the SAP GRC market. This information will then be used to help determine Sellafield’s overall approach and any future acquisition strategy in relation to SAP GRC.
Interested parties are requested to provide information on how your Company could provide part or all of the technology required.
The tool will enable Sellafield to:
– manage regulations and compliance and remove or mitigate any risk in managing key operations.
– develop an integrated and centralised approach to GRC which makes the most of automations to ensure that the cost of managing a GRC solution is reduced whilst significantly improving operational effectiveness and value.
– demonstrate resilience in managing overall governance, risk management and compliance with regulations, for example, GDPR.
Interested parties should refer to the Addition Information section VI.3) in this notice which details the response requirements of this PIN.
The priority areas are:
• Access Request Management
• Segregation of Duties
• User Access Reviews
• User Behaviour Profiling
• Role Management
• Emergency Access
• Licence Optimisation/Compliance
• GDPR Compliance
• Audit Compliance
• Monitoring/Analytics
• Future proofing for S/4 HANA for role migration/testing 

How to apply


Follow the instructions given in the description or the more information section.


About the buyer


Contact name

Charlotte Inglesfield


CTM Portal for the NDA Shared Services Alliance
CA20 1PG


+44 1946777868