DMS Issues RFI for Governance, Risk and Compliance Solutions

The Department of Management Services has issued a request for information (RFI) regarding scalable governance, risk and compliance (GRC) platform solutions that can be purchased or licensed enterprise-wide.

According to the RFI, “the platform should enable select users to manage the cybersecurity risk landscape across the enterprise and to identify and detect gaps in effectiveness across people, processes and technology.”

Primary GRC users would include the enterprise’s risk management personnel, inspector general personnel, compliance personnel, cybersecurity personnel and IT risk management personnel, the RFI states.

Specific information the department is seeking from vendors includes:

• Their platform’s ability to measure and track cybersecurity and IT risks 
• Their platform’s ability to allow the department’s cybersecurity personnel to manage enterprise risk by collaborating with third parties outside of the department, including the enterprise inspector general community 
• Their platform’s ability to perform automated functions, including but not limited to risk management, risk governance, risk identification and analysis, risk monitoring, risk response, risk planning, compliance and risk reporting functions 

If chosen by the department, the platform must be able to provide the following:

• Identify and assess risks (both qualitative and quantitative) across an entity 
• Provide risk response and perform risk mitigation 
• Perform ongoing monitoring through automated compliance checks and use of key risk indicators 
• Provide overall risk assessment reports of controls, risks and ratings, including the ability to generate heat maps and dashboards and have customizable formatting for reports 
• Import legacy data through integrations or flat files 

More detailed information about RFI DMS-2324-073, including all submission requirements and requests, can be found online. The deadline for responses is 1 p.m. April 16.