Vendor needs to provide governance, risk and compliance platform. – to support both third–party/vendor IT risk assessments (VRM) and internal IT Integrated Risk Assessments (IRM) across a geographically distributed, federated environment. – The chosen platform will allow agency locations to manage workflows for different kinds of assessments, including gathering vendor questionnaires, performing risk analysis, tracking status, and reporting. – Solution will allow sharing of vendor information with other locations via a searchable internal vendor repository and will support rollup risk reporting for location leadership and globally aggregated results to senior agency leadership. – The selected platform will underpin the development of a systemwide assessments service, which will be managed by an in–house team.