Mosaique Limited

Aspyre

Aspyre is a cloud-based, portfolio, programme, project & PMO management software tool with a proven track-record of: increasing the visibility of your portfolio of programmes and projects; ensuring consistent, standardised and real-time reporting; achieving significant financial savings; enabling seamless, collaborative working with external organisations; promoting innovation by capturing ideas.

Features

  • Portfolio, programme, project and PMO management
  • Risk and issue management
  • Milestones and dependencies management
  • Financial (savings and costs)and other benefits management
  • Strategic objectives, KPIs and efficiency targets
  • Initiatives and ideas management
  • Resource planning and tracking (including timesheets)
  • Lessons learned information
  • Extensive reporting suite and multiple dashboards
  • Meeting minutes and agendas - improves meeting administration

Benefits

  • Improves visibility of portfolios/programmes/projects across your entire organisation
  • Provides a consistent way of working
  • Significantly reduces the time taken to produce reports
  • Data is entered once but reported in many ways
  • Facilitates better planning of programmes and projects
  • Enables seamless collaborative working, internally and with external partner organisations
  • Allows lessons learned to be captured, shared and reported on
  • Effectively manages your resources
  • Helps to ensure programme/project benefits are realised
  • Extensive in-house public sector experience to help facilitate implementations

Pricing

£16 to £25 per licence per month

Service documents

Framework

G-Cloud 11

Service ID

2 8 3 4 2 0 3 8 2 6 2 3 4 2 8

Contact

Mosaique Limited

Neil Cassidy

01564 711201

enquiries@mosaiquegroup.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
The service may be unavailable for a short time after 21:00hrs to allow for periodic updating of the application.
System requirements
  • Connection to the internet
  • Web browser - all common browsers and versions are supported

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our cloud-based ticketing system will instantly log all calls and reply back to the sender with an email acknowledging receipt.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
As part of an 'Aspyre Package', we will carry out all of the initial setup and configuration of Aspyre’s ‘tree structure’. We will use our extensive experience to help you quickly see results from Aspyre. This will involve the creation of folders that represent your organisation's structure, all your divisions/departments together with folders for each of your programmes and projects, a number of which we will flesh out ‘end-to-end’ with data provided by yourselves. We can complete this and get you up and running, including training of your users, in a matter of days. This is something that really sets us apart from our competition where it’s common to wait several months to get their systems configured and users allowed onto it.

We also include a Reporting Guidance document, customised for your own organisation, that will show the ‘minimum dataset’ that needs to be completed in order to produce meaningful reports etc. We will then use this document to provide on-screen ‘hover text’ to assist users and flag up mandatory fields to be completed.

We will provide a dedicated technical account manager that can be contacted via phone or email.

Our Aspyre Support team are also available via email.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We typically provide onsite training but online training can also be provided, if required.
User documentation, training manuals and videos can be found within the application and hard copies are also provided.
Service documentation
No
End-of-contract data extraction
Users can extract data themselves via an xml export facility.
We can also provide a flat file of client data at the end of a contract.
End-of-contract process
We can provide a flat file of data at the end of a contract. This will not include any documents that a client may have uploaded to the application. These can be retrieved by the client themselves or we can carry this out on their behalf but this would incur additional costs.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Accessing Aspyre using a mobile device is essentially the same as the desktop service although it has obviously been designed to resize perfectly for smaller screens to make it more user-friendly. If data is amended using a mobile device then this will automatically be reflected in the desktop service, and vice versa.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
As part of an Aspyre Package, we will carry out the initial configuration of your system based on working directly with yourselves and sharing our extensive experience of working with similar clients. We will also train a number of your own users to be in-house 'Administrators' so that they will be able to carry out these tasks autonomously in the future.

Aspyre can be configured in the following ways:
Functionality/screens can be enabled/disabled.
Additional data fields can be added and/or removed, if not required.
Data field names on each screen can be amended to suit.
Choices in drop-down lists can be added to/amended.
Data fields can be made mandatory.
Hover text (on-screen guidance notes) can be added to assist users.
Logos can be uploaded and assigned to different areas of Aspyre, as required. The relevant logo is then automatically included on all reports generated from Aspyre.
Aspyre allows multiple configurations of all the functionality mentioned above to be applied to different areas of the 'tree structure' - this allows separate organisations and/or departments to work in the exact way that they want and produce the required reports for their respective audiences.

Scaling

Independence of resources
Performance of the Aspyre system is monitored on a regular basis through reports provided by our third-party data hosting provider.

Each client has their own individual Aspyre database stored on the server.

Analytics

Service usage metrics
Yes
Metrics types
Users with Administrator level access can use a suite of administrative tools including an 'Audit Trail' facility.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Less than once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Other
Other data at rest protection approach
All Aspyre data is hosted by a third-party company named Piksel (formerly known as IOKO/Carelink). They are the longest established, most highly accredited specialist provider of NHS N3 hosting services.
All equipment used is within the Telehouse data centre in London which offers Tier 4 levels of security.
Our hosted infrastructure is held within a secure enclosed suite (TFM20) where access requests are managed via the Piksel Service Desk and restricted to Piksel engineers and trusted 3rd party support.
Piksel’s security structure has the following accreditations: ISO 27001, ISO 20000, ISO 9000 and IGSoc.
Data sanitisation process
No
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users can export data via xml reporting functionality. All other reports generated within Aspyre can also be exported into common formats such as .pdf, .xls, .rtf, etc. and exported.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Please refer to 'Addendum 1 - Service Level Agreement' which can be found in the document - Aspyre Terms and Conditions for G-Cloud 9.
Approach to resilience
Please refer to 'Section 3. Data Backup, Restore & Disaster Recovery' of the uploaded document - Aspyre Service Definition for G-Cloud 9.
Outage reporting
Please refer to 'Section 3. Data Backup, Restore & Disaster Recovery' of the uploaded document - Aspyre Service Definition for G-Cloud 9.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Our management interfaces use role-based access control to limit
functionality to specific user accounts.
These Administrator roles can be used by clients to tailor functionality of the application, setup and configure user access rights, etc. They can also be configured so as to only have Administrator rights for a particular area/division/department.
Our support staff have global access to the entire application in order to be provide first-class levels of support.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
SGS United Kingdom Ltd.
ISO/IEC 27001 accreditation date
05/12/2008
What the ISO/IEC 27001 doesn’t cover
The ISO/IEC 27001 accreditation mentioned above applies to the data hosting provided by our third-party partners, Piksel. Further documentation around this and any other data-hosting related information is available on request.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
It is the Policy of Mosaique Limited to ensure that:
i) Information will be protected from a loss of: confidentiality, integrity and availability.
ii) Regulatory and legislative requirements will be met.
iii) Business continuity plans will be produced, maintained and tested.
iv) Information security training will be available to all staff.
v) All breaches of information security, actual or suspected, will be reported to, and investigated by, the Information Security Manager.

Guidance and procedures have been produced to support this policy. These include incident handling,information backup, system access, virus controls, passwords and encryption.
The role and responsibility of the designated Information Security Manager is to manage information security
and to provide advice and guidance on implementation of the Information Security Policy.
The designated owner of the Information Security Policy has direct responsibility for maintaining and reviewing the Information Security Policy.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We have a robust and mature change process that is fully integrated throughout all areas of the business asset change lifecycle.
Change and configuration management activities conducted by Mosaique include: logging and scheduling of service requests received from clients, impact and risk analysis of proposed changes in liaison with relevant 3rd parties, including change approval, security review and regression planning, maintenance of a log of changes; a summary of relevant changes is provided to customers on a quarterly basis.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
As part of our centralised patch management and monitoring process, we ensure that operating system patches and enhancements are assessed and applied to our management and customer infrastructure in a regular, timely manner with the minimum impact to service. Any minor updates that may be required are carried out to the server after 20:00hrs.
We maintain our situational awareness of new and emerging threats through engagement with vendors, CERTS and specialist groups.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
All Aspyre data is held by our third-party data hosting provider - Piksel (Carelink).

Piksel undertake to provide monitoring, management and issue resolution for the server hardware, operating system, web services and Internet from their Tier-4 Data centre.

Monitoring of hardware, specific processes and agreed applications are managed via Piksel’s Nagios monitoring solution.

The core networking infrastructure, including switches and firewalls, and every server hosted in the Carelink Environment are monitored around the clock. Server monitoring includes network connection, http response, processor usage, disk space usage as well as key processes and services.
Incident management type
Supplier-defined controls
Incident management approach
We operate a well-defined and established incident management process to log, assign and diagnose incidents based upon urgency and impact and to restore service operation as quickly as possible with the minimum of disruption, in line with our SLAs.
Users will report incidents via email to our Aspyre Support team.
An incident priority will be established and the incident will be logged on our ticketing system.
Diagnostics and investigations will be carried out until the incident has been satisfactorily resolved.
Please refer to the following document for further information - Aspyre Service Definition for G-Cloud.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£16 to £25 per licence per month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Core functionality included in 30-day trial version:
Summary Information
Details/Project Initiation Document (PID)
Risks & Issues
Milestones
Document Storage
Meetings Module
Reporting Suite

Excluded Functionality:
Benefits
KPIs & Objectives
Actions
Plan (including Gantt)
Deliverables
Resources
Stakeholders
Team
Lessons Learned
Finances
Additional Reports
Dashboards
Link to free trial
https://www.aspyreweb.com/AspyreWeb/Trial/AspyreTrial.aspx

Service documents

Return to top ↑