Purchaser
UN Secretariat
Country
Multiple countries
Notice published
7 Jul 2026
Tenqual indexed
8 Jul 2026
Closing date
24 Jul 2026
Source ID
Docs found
Save this notice and create a free tender alert for similar public opportunities.
Source documents portal identified
Create a free tender alert, then continue to the source documents portal on un.org.
- Create one free tender alert.
- See a short explanation of why each tender matches.
- Upgrade later when you want help planning and writing the bid.
Tender summary
The United Nations Joint Staff Pension Fund (UNJSPF), through its Office of Investment Management (OIM), seeks Expressions of Interest from qualified and experienced vendors for the provision of a Third Party Risk Management (TPRM) solution. The solution is expected to support the Fund’s third party ecosystem, including vendors, investment partners, inter agency service providers, and subcontractors, by enabling centralized governance, risk identification, assessment, monitoring, and mitigation across the full lifecycle of third party engagements. The objective is to enhance risk oversight through standardized methodologies, defined risk appetite thresholds, and integrated monitoring capabilities, while providing comprehensive visibility and audit trails to support informed decision making. Summary of the requirement: 1. Support end to end third party risk management, including onboarding, assessment, approval, monitoring, and termination across all third party relationships. 2. Enable structured risk assessment processes, including inherent risk evaluation, control effectiveness, and residual risk scoring across key risk domains. 3. Provide configurable questionnaires and workflows, including conditional logic, automated notifications, and role-based review processes. 4. Facilitate due diligence and third party engagement, including secure data collection, document review, and identification of risk indicators or red flags. 5. Maintain a centralized inventory of third parties, including services, ownership structures, and associated risk and performance data. 6. Support ongoing monitoring and lifecycle management, including periodic reassessments, alerts, and document review tracking. 7. Provide third party performance management capabilities, including scorecards, performance metrics, and integration of results into vendor profiles. 8. Deliver reporting, dashboards, and audit trails to support governance, risk oversight, and decision making. 9. Enable integration with enterprise systems (e.g., ITSM, and GRC systems) and external data sources. 10. Ensure the TPRM system is compliant with relevant standards related to security, data protection, and access controls, authentication etc Specific Requirements/Information The proposed TPRM solution should, at a minimum, provide the following capabilities. Inherent Risk Questionnaire (IRQ) • Enable internal third-party service request by submitting a new IRQ. • Data model supports both parent-child ownership structures of third-party entities and where the same legal entity has multiple third-party services/contracts. • Support grouped questions and conditional (nested) logic where additional questions are triggered by earlier responses. • Provide different types of question (e.g., free text, dropdowns, document upload). • Calculate inherent risk scores (1–3 = Low, Medium, High) for each risk domain (e.g., information security, business continuity, sustainability, data privacy) based on IRQ responses. • Determine service criticality/tiering (e.g. Tier 1, 2, 3) based on IRQ responses. • Generate a high‑level summary of the new third‑party service, inherent risks for each risk domain, and tiering. • Upon IRQ submission, create a new record for each third‑party service in a central inventory using information from the IRQ. • Send notifications to relevant internal Risk SME teams upon IRQ submission to ensure awareness of the new request. Due Diligence Questionnaire (DDQ) • Issue the DDQ to the third-party via a secure portal showing only questions and the third-party own responses; support save‑progress and multi‑respondent input on the third-party side. Control effectiveness scores must not be visible to the third party. • Send automated reminders to the third-party to respond to the DDQ before the pre-defined deadline. • Organize DDQ by risk domains (e.g., information security, business continuity, sustainability, data privacy) with the ability to include or suppress specific
What to check before bidding
- Issued by UN Secretariat.
- Located in Multiple countries.
- Source notice EOIUNPD24540 on UNGM.
- Notice published 7 Jul 2026; Tenqual indexed it 8 Jul 2026.
- Deadline listed as 24 Jul 2026.
- Source documents portal identified.
- Create a free tender alert to catch similar opportunities before the deadline pressure starts.