Mazepoint Limited

Mazepoint Project and Action Tracking Service

This service, called Mazetrack, automates and streamlines the processes of organisational change. Full transparency for all stakeholders across all project and activity phases drives performance improvements. A management tool for the busy executive supervising multiple or single initiatives, it provides instant progress updates against agreed indicators, deadlines, responsibilities and risks.

Features

  • Set, plan and agree commitment to actions with multiple parties
  • Improvement targets for individuals and multiple users
  • Integrated workflow for action creation, commitment, implementation, validation and conclusion
  • Dashboard displaying actions status with KPIs and GANTT charts
  • Clear traffic light status indicators, On Schedule, Delayed, Overdue
  • Email notifications to key stakeholders, encouraging regular reviews
  • Ability to attach supporting documents and files
  • Visibility of communications between target stakeholders
  • Information displayed is tailored to the role of each user
  • Complete audit trail of target amendments

Benefits

  • Directors and Managers can align activities with organisational objectives
  • Workflow automates activity administration, saving resource and time
  • Instant status updates for multiple activities, improving effectiveness and efficiency
  • Early warning of project delays or failures, reducing risk
  • Encourages regular engagement by supervisors and stakeholders, increasing commitment
  • Relevant documents in one place, saving time, increasing efficiency
  • Relevant communications in one place, saving time, increasing efficiency
  • Role-based information maintains user focus, improving the chances of success
  • Unambiguous, properly authorised targets focus team efforts towards achievement
  • Full transparency of actions and progress across all committed parties

Pricing

£8.67 to £25 per user per month

  • Free trial available

Service documents

G-Cloud 11

168976401233474

Mazepoint Limited

James Noble

020 7348 7600

jnoble@mazepoint.com

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Other Mazepoint G-Cloud listings (Cloud Hosting, Cloud Software, Cloud Support)
Cloud deployment model Private cloud
Service constraints On-site support at extra cost. Remote support available in the UK during normal office hours 8:30 to 17:30 (except public holidays, weekends or between Christmas and New Year).
System requirements
  • Mazeview and Mazetrack software licences
  • Windows 10, MAC OSX 10.10 or newer
  • Windows: Intel Pentium 4 or AMD Opteron processor or newer
  • MAC and Windows: min 1366x768 screen resolution, 2-8GB RAM
  • MS Office including Excel 2007 or higher
  • Minimim 20Mbps Internet connection recommended

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Response times depend on the level of support required, ranging from 1 hour response for Critical issues for the Premium Service, resolution target within 4 hours, to 2 days response and 5 days resolution target for Standard Service. Support hours do not include week-ends.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Our approach to service levels is based on ITIL standards and is detailed in our Cloud Support Service Description document. In principle it supports the identification, management, resolution, and considered future mitigation of issues through a multi-level support structure, contactable through various channels and operating during normal UK office hours of 8:30 - 17:30, Monday to Friday (except UK public holidays and the period between Christmas and New Year). Other support arrangements are available on request.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Tailored to each customer's requirements, can include onsite, online training and user documentation
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Upon request, Mazepoint will provide a complete data set, at an extra cost
End-of-contract process The service will be turned off at the end of the contract and no further charges will be incurred. However there would be an additional cost for further data extraction depending on the amount of data requested, for which Mazepoint will provide a quotation.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile version has reduced administration features, focussing on functions most likely to be used by mobile users, for example updating action statuses, comments, and performance reporting.
API Yes
What users can and can't do using the API Mazetrack uses the APIs included with MS SQL Server to connect to other systems, primarily for KPI data feeds.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Some customisation may be possible but it is not self-service and is likely to involve extra cost.

Scaling

Scaling
Independence of resources Server capacity is managed within the virtualisation environment which is controlled by the infrastructure team using monitoring tools. Systems usage and capacity are monitored through the router logs which provide alerts to potential performance and capacity limits. Performance of specific customer applications is monitored regularly to ensure continuity of service. Customer websites and applications are continuously monitored with Site24x7. Project managers and delivery and support staff will be immediately updated on any resource capacity issues that arise on a customer's environment.

Analytics

Analytics
Service usage metrics Yes
Metrics types Please refer to our Service Definition document for more information.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach All documents in the system can be downloaded by users with the appropriate permissions, as can project and actions data, in a format readable by Excel.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • XML
  • SQL
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Word document
  • Adobe pdf
  • Excel
  • JPG
  • XML
  • Other document and picture formats

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Availability is defined as the time the service is available during the agreed service window i.e. outside of agreed downtime for maintenance and upgrades. Any further agreed downtime does not count towards the service availability statistic. Generally, Mazepoint offers a 99.7% service availability measured on a monthly basis which will be confirmed in the SLA. Any case of a breach of an SLA will be reported as an incident in Mazepoint's support ticketing system and assigned an impact and urgency level, which is accessible to the client.
Approach to resilience The software solution provides a degree of resilience through componentisation. A failure in one component will not necessarily effect others. Further resilience at the application level (e.g. clustering) is not supported by the analytical components.
The underlying virtualised infrastructure runs on resilient host hardware. Virtual machines can be migrated between hosts with no loss in service and minimal disruption.
Firewalls are clustered and configured to failover in the event of an individual one failing.
Mazepoint’s data centre provider has highly resilient infrastructure including dual power feeds & backup generator capacity, and redundant cooling, offering power uptime SLA’s of 99.999%.
Internet connectivity is multi-homed via several suppliers to ensure continuous connectivity in the event of an ISP failure.
Outage reporting Service availability at a client level is continuously monitored by Mazepoint. Any service failures will alert the Mazepoint Infrastructure team who will deal with the issue accordingly. An incident support ticket will be created, alerting the customer, and will be resolved in accordance to the agreed SLA. Live public service dashboards and direct email alerts are available on request at an additional cost.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Mazepoint’s User Access Management Policy establishes the procedures for restricting access to prevent unauthorised access to information systems. The procedures are documented for new users, managing change, password and privilege management as well as regular reviews of user access rights. Group-based permissions are supplied within each service application, generally administered by the customer, with the capability to control each user’s data and information access rights. Mazepoint’s Password Security Policy establishes the standards required for password complexity and compliance measurement. Access to Mazesupport, Mazepoint’s support ticketing system is governed by similar user-access rights and passwords.
Access restriction testing frequency At least once a year
Management access authentication Other
Description of management access authentication Management access is operated through the Mazesupport ticketing system and implemented by Mazepoint staff subject to the contract and Service Level Agreement. There is no direct access management portal.

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 ACS Registrars Ltd.
ISO/IEC 27001 accreditation date 13/9/2012
What the ISO/IEC 27001 doesn’t cover There are no exclusions to the certification.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials Plus

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Without exception, all Mazepoint staff are contractually obliged to adhere to the principles of ISO27001:2013 and the GDPR in respect of information security. The company’s ISO27001 accreditation is based on a variety of policies, procedures, risk assessments and responsibilities, all of which are subject to regular external and internal audits, and staff are regularly reminded of their obligations and notified when policies and procedures are updated. The company’s ISO accreditation is led by the Managing Director, the management representative, who retains responsibility for overall observance of policies, processes and updates while delegating responsibility for monitoring and compliance, primarily to the infrastructure and administration teams but also to the software development and new business teams. Each policy and process includes compliance measurement which is carried out by the policy owner and verified by the management representative. The company’s online Information Security Management System maintains all policy and process information, including ISO9001:2015 documentation and the Feedback Reporting System for use by all staff. The Managing Director and all team leaders attend the audits to ensure that any observation or potential non-conformance is addressed with the appropriate level of urgency, and management reviews are carried out and documented by the management representative.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Mazepoint follows the ITIL methodology for configuration and change, defined mainly as Standard or Normal. Requests are logged via Mazepoint's support ticketing system (Mazesupport) and assessed in terms of impact and urgency. A priority matrix is referred to determining the response and resolution time for each request. For system critical items, users are also required to inform Mazepoint by telephone. Users will be notified of an approximate time for resolution at the outset and regularly updated until completion.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Mazepoint’s Vulnerability Management Policy documents this process which is enforced by the infrastructure team. Common vulnerabilities and exposures are routinely checked in accordance with the CVE database and other third party sources. Systems are monitored to detect and assess vulnerabilities which are then classified and prioritised by risk and urgency. Vulnerability removal is then planned and executed. Software updates are applied on a regular basis or immediately in the case of high risk, urgent vulnerabilities. User identity and access rights, hardware and software configuration standards, and network vulnerabilities are all regularly reviewed, assessed and tested, and remediation plans implemented.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The firewall logs are regularly reviewed using the Intrusion Protection monitoring tool dashboard to understand potential compromises. Firewall logs can be filtered based on IP address and server, and the SmartMonitor application monitors VPN connections and firewall activity. Management of incidents is documented in the Information Security Incident Management policy.
Incident management type Supplier-defined controls
Incident management approach Mazepoint’s Information Security Incident Management Policy documents this process. Security incidents that have a direct impact on a customer’s application or data will result in the customer being contacted immediately following incident identification, as well as the Information Commissioner's Office if applicable. Security incidents are logged in Mazepoint’s support ticketing system, Mazesupport, and the progress of open tickets tracked. Upon closure of a security incident ticket, the customer will receive a full report covering the time the incident was identified to its resolution. Monthly security and service reports are available to the customer at an additional cost.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Other
Other public sector networks Firecrest

Pricing

Pricing
Price £8.67 to £25 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Please refer to our service definition document for more information.

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑