Awarded · Services · European · Open

GRC system

Gemeente Velsen · Open · 1 lot · 391954
Type: Services (CPV 72000000)
Estimated value: Not published
To deadline: Ongoing
Knock-outs: 0 exclusion grounds
Award basis: Best price-quality ratio
Assess manually · confidence high

Tender for the delivery of a GRC system as a SaaS service for the Municipality of Velsen to comply with the BIO and AVG. The agreement has a maximum duration of eight years.

Services · Open · European procedure

Contracting authority
Contract type: Services · Open
Estimated value: Estimate not published
Submission deadline: Ongoing · 10:00
Scope: European · European procedure
Lots: 1
Main CPV code
Location: Netherlands
Characteristics: CPV 72 · Services · EU tender

01 What is being requested

Delivery of a GRC system as SaaS for privacy and information security, including training, hosting and technical management for a maximum duration of eight years.

Municipality of Velsen has a need for a GRC system to map risks and to be able to take measures to mitigate those risks (if necessary). It is a toolkit to be able to comply with the Baseline Information Security Government (BIO) standard framework and the requirements from the General Data Protection Regulation (AVG).

CPV 72000000 · Services
1 lot

02 Outcome

Awarded

Thirdwave Privacy Compliance Solutions B.V.

Bidders: 4

03 Strategic insight

Strategic insight · AI analysis
Ensure that the ISO27001 certification can be demonstrated immediately after award. Check whether the SaaS functionalities fully align with the stated functional requirements without customization. Take into account the strict validity period of three months.
Read automatically from the tender documents using AI. Always verify against the original documents.

04 Points of attention

Important · 4
  • The bidder must meet the requirements of the Program of Requirements without customization.
  • The bid must be made valid for a period of three months.
  • It is not permitted to contact employees of the municipality directly.
  • Bidders may not submit variants.

05 Can I take part?

Technical — Bidder has a valid certification applicable to the entire service provision, ISO27001 or equivalent.

06 Exclusion grounds

Exclusion grounds — consult the ESPD
  • No specific exclusion grounds were extracted. In a European tender, the mandatory and discretionary grounds of art. 2.86/2.87 of the Dutch Procurement Act almost always apply — check the European Single Procurement Document (ESPD).

07 Process & timeline

Date of publication of contract notice: 09-09-2025
Deadline for submitting 1st round of questions: 22-09-2025, 10:00
First Memorandum of Information: 29-09-2025
Opportunity to ask a 2nd round of questions: 06-10-2025, 10:00
Deadline for sending the second and final Memorandum of Information: 13-10-2025
Closing date and time for submitting bids: 27-10-2025, 10:00
Invitation for demo: 6-11-2025
Demos: 11-11-2025 and 13-11-2025
Assessment of bids by the municipality: Week 44/45/46/47
Award decision and requesting evidence: 24-11-2025
Optional verification interview: Week 48/49
Notification of end of standstill period: 15-12-2025
Commencement date of the agreement: 01-01-2026

08 Value in context

Estimate not published

The contracting authority did not publish an estimated value — common for a large share of contracts. The EU threshold for services is € 221.000, for reference.

09 Bidders in this segment

# · Likely bidder · Fit · Wins
1 · Centric Netherlands B.V. (SME) · 94 · 56×
2 · Afas Software B.V. (SME) · 94 · 32×
3 · Visma Raet B.V. (SME) · 94 · 18×
4 · Visma Roxit B.V. (SME) · 94 · 16×
5 · KPN B.V. (SME) · 93 · 27×
6 · PQR B.V. (SME) · 93 · 25×

10 Tender documents

TN545031 - EF29 Aankondiging gegunde opdracht - algemene richtlijn, standaardregeling 20260106101844 · pdf · Jan 7, 2026 · 142 KB
Nota van Inlichtingen 2 - GRC-systeem tbv gemeente Velsen · xlsx · Oct 9, 2025 · 46 KB
Nota van Inlichtingen 1 - GRC-systeem tbv gemeente Velsen · xlsx · Sep 29, 2025 · 64 KB
Bijlage A Programma van Eisen GRC-systeem · pdf · Sep 10, 2025 · 266 KB
Bijlage I Protocol SROI · pdf · Sep 10, 2025 · 108 KB
Bijlage F GIBIT · pdf · Sep 10, 2025 · 652 KB
Bijlage G Verwerkersovereenkomst Velsen Versie 2.5 (1) (003) · pdf · Sep 10, 2025 · 208 KB
Bijlage H Concept Wachtkamerovereenkomst · pdf · Sep 10, 2025 · 93 KB
Bijlage E Concept overeenkomst GRC-systeem · pdf · Sep 10, 2025 · 129 KB
uea_545031_20250909085725 · pdf · Sep 10, 2025 · 364 KB
Bijlage J Template SLA 2025 · pdf · Sep 10, 2025 · 242 KB
Bijlage K Casussen bij gunningcriterium demo · pdf · Sep 10, 2025 · 102 KB

11 Legal themes that may be relevant here

12 Frequently asked questions

What are the conditions regarding liability?
Liability is limited to a maximum of € 250,000 per event.
How does the subscription invoicing work?
Invoicing takes place annually in advance. The first invoice may be sent from the intended commencement date of the agreement on 1-1-26.
Which data must be migrated from the current system?
Data must be migrated from Key2Control. This concerns historical data of tasks (including results, comments and attachments), the risk register and data from the audit module (historical data of internal audits and a template for an audit program).
What is included in the scope regarding technical implementation?
For a SaaS system, it is assumed that there is no technical implementation on the municipality's systems. Creating a specific environment for the Municipality of Velsen in which administrators and users can work is included in the scope.
How many users must the system be suitable for?
Currently there are 44 users, including 4 user administrators/task administrators.

Automatically compiled from the official tender data and documents.

13 Estimated value versus the market

Chart markers: p25 € 327K · median € 800K · p75 € 2,5 mln · this contract

Awarded values in CPV 72 · services · n=1436