Mosaique Limited

Aspyre

Aspyre is a cloud-based, portfolio, programme, project & PMO management software tool with a proven track-record of: increasing the visibility of your portfolio of programmes and projects; ensuring consistent, standardised and real-time reporting; achieving significant financial savings; enabling seamless, collaborative working with external organisations; promoting innovation by capturing ideas.

Features

  • Portfolio, programme, project and PMO management
  • Risk and issue management
  • Milestones and dependencies management
  • Financial (savings and costs)and other benefits management
  • Strategic objectives, KPIs and efficiency targets
  • Initiatives and ideas management
  • Resource planning and tracking (including timesheets)
  • Lessons learned information
  • Extensive reporting suite and multiple dashboards
  • Meeting minutes and agendas - improves meeting administration

Benefits

  • Improves visibility of portfolios/programmes/projects across your entire organisation
  • Provides a consistent way of working
  • Significantly reduces the time taken to produce reports
  • Data is entered once but reported in many ways
  • Facilitates better planning of programmes and projects
  • Enables seamless collaborative working, internally and with external partner organisations
  • Allows lessons learned to be captured, shared and reported on
  • Effectively manages your resources
  • Helps to ensure programme/project benefits are realised
  • Extensive in-house public sector experience to help facilitate implementations

Pricing

£16 to £25 per licence per month

Service documents

G-Cloud 11

283420382623428

Mosaique Limited

Neil Cassidy

01564 711201

enquiries@mosaiquegroup.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints The service may be unavailable for a short time after 21:00hrs to allow for periodic updating of the application.
System requirements
  • Connection to the internet
  • Web browser - all common browsers and versions are supported

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our cloud-based ticketing system will instantly log all calls and reply back to the sender with an email acknowledging receipt.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels As part of an 'Aspyre Package', we will carry out all of the initial setup and configuration of Aspyre’s ‘tree structure’. We will use our extensive experience to help you quickly see results from Aspyre. This will involve the creation of folders that represent your organisation's structure, all your divisions/departments together with folders for each of your programmes and projects, a number of which we will flesh out ‘end-to-end’ with data provided by yourselves. We can complete this and get you up and running, including training of your users, in a matter of days. This is something that really sets us apart from our competition where it’s common to wait several months to get their systems configured and users allowed onto it.

We also include a Reporting Guidance document, customised for your own organisation, that will show the ‘minimum dataset’ that needs to be completed in order to produce meaningful reports etc. We will then use this document to provide on-screen ‘hover text’ to assist users and flag up mandatory fields to be completed.

We will provide a dedicated technical account manager that can be contacted via phone or email.

Our Aspyre Support team are also available via email.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We typically provide onsite training but online training can also be provided, if required.
User documentation, training manuals and videos can be found within the application and hard copies are also provided.
Service documentation No
End-of-contract data extraction Users can extract data themselves via an xml export facility.
We can also provide a flat file of client data at the end of a contract.
End-of-contract process We can provide a flat file of data at the end of a contract. This will not include any documents that a client may have uploaded to the application. These can be retrieved by the client themselves or we can carry this out on their behalf but this would incur additional costs.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Accessing Aspyre using a mobile device is essentially the same as the desktop service although it has obviously been designed to resize perfectly for smaller screens to make it more user-friendly. If data is amended using a mobile device then this will automatically be reflected in the desktop service, and vice versa.
API No
Customisation available Yes
Description of customisation As part of an Aspyre Package, we will carry out the initial configuration of your system based on working directly with yourselves and sharing our extensive experience of working with similar clients. We will also train a number of your own users to be in-house 'Administrators' so that they will be able to carry out these tasks autonomously in the future.

Aspyre can be configured in the following ways:
Functionality/screens can be enabled/disabled.
Additional data fields can be added and/or removed, if not required.
Data field names on each screen can be amended to suit.
Choices in drop-down lists can be added to/amended.
Data fields can be made mandatory.
Hover text (on-screen guidance notes) can be added to assist users.
Logos can be uploaded and assigned to different areas of Aspyre, as required. The relevant logo is then automatically included on all reports generated from Aspyre.
Aspyre allows multiple configurations of all the functionality mentioned above to be applied to different areas of the 'tree structure' - this allows separate organisations and/or departments to work in the exact way that they want and produce the required reports for their respective audiences.

Scaling

Scaling
Independence of resources Performance of the Aspyre system is monitored on a regular basis through reports provided by our third-party data hosting provider.

Each client has their own individual Aspyre database stored on the server.

Analytics

Analytics
Service usage metrics Yes
Metrics types Users with Administrator level access can use a suite of administrative tools including an 'Audit Trail' facility.
Reporting types Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Less than once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Other
Other data at rest protection approach All Aspyre data is hosted by a third-party company named Piksel (formerly known as IOKO/Carelink). They are the longest established, most highly accredited specialist provider of NHS N3 hosting services.
All equipment used is within the Telehouse data centre in London which offers Tier 4 levels of security.
Our hosted infrastructure is held within a secure enclosed suite (TFM20) where access requests are managed via the Piksel Service Desk and restricted to Piksel engineers and trusted 3rd party support.
Piksel’s security structure has the following accreditations: ISO 27001, ISO 20000, ISO 9000 and IGSoc.
Data sanitisation process No
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Users can export data via xml reporting functionality. All other reports generated within Aspyre can also be exported into common formats such as .pdf, .xls, .rtf, etc. and exported.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Please refer to 'Addendum 1 - Service Level Agreement' which can be found in the document - Aspyre Terms and Conditions for G-Cloud 9.
Approach to resilience Please refer to 'Section 3. Data Backup, Restore & Disaster Recovery' of the uploaded document - Aspyre Service Definition for G-Cloud 9.
Outage reporting Please refer to 'Section 3. Data Backup, Restore & Disaster Recovery' of the uploaded document - Aspyre Service Definition for G-Cloud 9.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Our management interfaces use role-based access control to limit
functionality to specific user accounts.
These Administrator roles can be used by clients to tailor functionality of the application, setup and configure user access rights, etc. They can also be configured so as to only have Administrator rights for a particular area/division/department.
Our support staff have global access to the entire application in order to be provide first-class levels of support.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 SGS United Kingdom Ltd.
ISO/IEC 27001 accreditation date 05/12/2008
What the ISO/IEC 27001 doesn’t cover The ISO/IEC 27001 accreditation mentioned above applies to the data hosting provided by our third-party partners, Piksel. Further documentation around this and any other data-hosting related information is available on request.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes It is the Policy of Mosaique Limited to ensure that:
i) Information will be protected from a loss of: confidentiality, integrity and availability.
ii) Regulatory and legislative requirements will be met.
iii) Business continuity plans will be produced, maintained and tested.
iv) Information security training will be available to all staff.
v) All breaches of information security, actual or suspected, will be reported to, and investigated by, the Information Security Manager.

Guidance and procedures have been produced to support this policy. These include incident handling,information backup, system access, virus controls, passwords and encryption.
The role and responsibility of the designated Information Security Manager is to manage information security
and to provide advice and guidance on implementation of the Information Security Policy.
The designated owner of the Information Security Policy has direct responsibility for maintaining and reviewing the Information Security Policy.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We have a robust and mature change process that is fully integrated throughout all areas of the business asset change lifecycle.
Change and configuration management activities conducted by Mosaique include: logging and scheduling of service requests received from clients, impact and risk analysis of proposed changes in liaison with relevant 3rd parties, including change approval, security review and regression planning, maintenance of a log of changes; a summary of relevant changes is provided to customers on a quarterly basis.
Vulnerability management type Supplier-defined controls
Vulnerability management approach As part of our centralised patch management and monitoring process, we ensure that operating system patches and enhancements are assessed and applied to our management and customer infrastructure in a regular, timely manner with the minimum impact to service. Any minor updates that may be required are carried out to the server after 20:00hrs.
We maintain our situational awareness of new and emerging threats through engagement with vendors, CERTS and specialist groups.
Protective monitoring type Supplier-defined controls
Protective monitoring approach All Aspyre data is held by our third-party data hosting provider - Piksel (Carelink).

Piksel undertake to provide monitoring, management and issue resolution for the server hardware, operating system, web services and Internet from their Tier-4 Data centre.

Monitoring of hardware, specific processes and agreed applications are managed via Piksel’s Nagios monitoring solution.

The core networking infrastructure, including switches and firewalls, and every server hosted in the Carelink Environment are monitored around the clock. Server monitoring includes network connection, http response, processor usage, disk space usage as well as key processes and services.
Incident management type Supplier-defined controls
Incident management approach We operate a well-defined and established incident management process to log, assign and diagnose incidents based upon urgency and impact and to restore service operation as quickly as possible with the minimum of disruption, in line with our SLAs.
Users will report incidents via email to our Aspyre Support team.
An incident priority will be established and the incident will be logged on our ticketing system.
Diagnostics and investigations will be carried out until the incident has been satisfactorily resolved.
Please refer to the following document for further information - Aspyre Service Definition for G-Cloud.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £16 to £25 per licence per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Core functionality included in 30-day trial version:
Summary Information
Details/Project Initiation Document (PID)
Risks & Issues
Milestones
Document Storage
Meetings Module
Reporting Suite

Excluded Functionality:
Benefits
KPIs & Objectives
Actions
Plan (including Gantt)
Deliverables
Resources
Stakeholders
Team
Lessons Learned
Finances
Additional Reports
Dashboards
Link to free trial https://www.aspyreweb.com/AspyreWeb/Trial/AspyreTrial.aspx

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑