Traqplan Timelines, Resource Charts and Risk Management
Traqplan creates sophisticated timelines, roadmaps and resource charts by importing from Microsoft Project or allowing you to create directly. Used by project delivery functions for complex plans as well as HR, marketing, comms and strategy for simple plans.
Portfolios can be represented in a single plan-on-a-page.
Handles OFFICIAL SENSITIVE data.
- Creates professional timelines with swimlanes across the portfilio.
- Track changes against a baseline for multiple views
- Establishes one source of truth for project planning.
- Create simple plans for non-project professionals.
- Centralises risks for easy management and tracking across diverse teams.
- Automatically creates resource charts across the portfolio.
- Extremely simple user interface provides simpler alternative to MS Project.
- Can be hosted on platforms accredited to SECRET.
- All data is encrypted at rest and in transit.
- Visually create milestones and activities plan on a page.
- Standardises the timeline view across the portfolio and department.
- Centralises the location of plans within the department.
- Establishes one source of truth.
- Reduces the learning curve for rapidly onboarding EO grade planners.
- Improves resilience within the planning team as staff move.
- Creates powerful rapid feedback loop between PMO and project teams.
- Reduces reporting burden on teams and enables faster reporting cycles.
- Removes human error within the PMO when updating plans.
- Centralised risk register helps standardise risk management across the department.
- Enables collaboration between colleagues working locally and overseas.
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||Microsoft Project|
|Cloud deployment model||
|Service constraints||Requires google Chrome, Firefox or Microsoft Edge web browser to run.|
|System requirements||Requires software licences to be bought.|
|Email or online ticketing support||Yes, at extra cost|
|Support response times||
We offer different response times based on the criticality of the issue as identified in the support request.
1) Business Critical – Your normal service requires urgent support to perform essential duties. Response time within 2 hours.
2) Material Fault - Interruption to normal service – You are still able to perform the majority of business functions. Response time 4 hours.
3) Cosmetic Fault - 8 hours
4) Change request - 8 hours
We do not offer weekend support as standard.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
We offer one support structure which allows the user to purchase a "package" of days with volume discount
Support Package Costs:
1 day £1500
5 days £6000
10 days £11,000
15 days £15,750
25 days £25,000
35 days £33,250
50 days £45,000
75 days £63,750
100 days £80,000
We also offer packages of classroom training specific to the traqplan software which can be more cost efficient for larger groups of people;
Prices for training courses;
1 training course £1200 per course.
2 courses £1100 per course
3 courses £1000 per course
5 courses £900 per course
10 courses £800 per course (covers 80 people)
15 courses £700 per course (covers 120 people)
We appoint a technical account manager to a customer .
We do not offer weekend support as standard.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||We provide onsite training, access to video tutorials and documentation.|
|End-of-contract data extraction||The users can extract their data by requesting it via email.|
|End-of-contract process||At the end of contract the user login access is removed, and the customer details are deleted. There is no additional cost.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||No|
|Description of service interface||The interface to the service is via a web domain which provides login via OAuth2. This login can be integrated with the customer secure services such as Okta , or via an OAuth2 provider. On logging in the user can access their organisation account. The service is only available through web browsers and the data and usage is not suitable for smaller screens such as smart phones.|
|Accessibility standards||None or don’t know|
|Description of accessibility||
All of our graphical elements have textual descriptions.
Our control buttons have text embedded in the button and the menus are plain text.
Our application is not intended to generate a sensory experience.
We provide training material in video format with audio, however for accessibility this is also made available in written format (pdf) with textual descriptions.
|Accessibility testing||We have tested with an experienced user of JAWS (assistive technology for the visually impaired experienced). While the tool itself can read lists we were provided feedback that the nature of our application is extremely graphical and indeed the purpose of our application is to convert tabular textual data into graphics. The JAWS application works better with the raw data which we use as input, therefore users of assistive technology would read the raw source data we use as input which is readily available.|
|Description of customisation||
Administrators can add normal user accounts;
All users (both administrators and non-admin) can tailor the views they wish to create, and can save bespoke views of their plans and data.
The type of customisation they can achieve includes completely designing their own views and saving multiple views, changing symbol colour , shape and text descriptions. They can change the plan activity bars colour, size and text descriptions.
Customisation is all done view the web browser user interface graphical user interface.
|Independence of resources||Traqplan is a Cloud Native architecture, consisting of containerised micro-services, and is designed for horizontal scaling. Resources can be scaled to meet demand.|
|Service usage metrics||Yes|
|Metrics types||We can provide metrics on file upload data and time.|
|Reporting types||Reports on request|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Users export their data by printing it from within the application. This can be printed to hard copy or to pdf or softcopy using export function provided.|
|Data export formats||
|Other data export formats||
|Data import formats||Other|
|Other data import formats||Microsoft Project files|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
We use Microsoft Azure as our hosting environment and pass through the following service level agreement commitments;
99.9% availability of service and data
If less than 99.9% availability per month we will return 10% service credit
If less than 90% availability per month we will return 25% service credit
|Approach to resilience||We prefer not to make this information public, and we will provide this information on request.|
|Outage reporting||We report outages via email alerts to the designated customer administrators for the application service.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||We can also integrate with any organisations bespoke authentication service.|
|Access restrictions in management interfaces and support channels||Access to management interfaces and support channels is controlled and restricted using role based access controls.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||Less than 1 month|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||Less than 1 month|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials Certification|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||We are working towards ISO27001 standards and our processes are aligned towards this. Our processes outline responsibility towards security throughout the company and supply base with security terms built into contracts and training rolled out internally. Our governance against our processes is led from the top of the company down with CEO and CTO ensuring regular audits are performed. Our incident response process ensures transparency with our customers and builds in lessons learned for continual improvement. These policies are built into our security policies and adherence to our policy standards (or similar) are built into service contracts and employment contracts.|
|Information security policies and processes||
Our security policies are based on ISO27001 standards as we are working towards ISO27001 certification.
Our documented policies include the following;
(1) Information Security Policy (ISP ) which outlines the security framework, leadership commitment, organisational aspects and operational assurances we are committed to performing.
(2) Information Security Management System (ISMS) which goes into specific detail across a broad range of areas per ISO27001 and how we conduct ourselves.
(3) Incident Response Plan which outlines how we respond when an incident is found and repeats our commitment to transparency with our customers and how we involve outside agencies where appropriate including ICO, law enforcement and the customers.
(4) Risk Management Process which defines how we assess and pre-empt security risks.
Our policies define that security is led from the top of the company ultimately through the CEO and CTO, and evidence of adherence to security policies is a standing agenda item in the company board reviews. The incident response plan defines the reporting of incidents from the point where the incident was noticed directly through the named data security officer and CTO with the CEO being informed of every incident.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
New Development or infrastructure: Board reviews major choice of infrastructure.
Quality Testing: Systems components are selected and regularly reviewed for currency, regularity of updates and industry wide adoption. Our system updates do not depend on board review for approval and can be rolled out in faster controlled process to respond to security threats.
We test all changes in a test environment before deploying them to live production systems.
We use role-based access to control authorisation to change production systems.
Scripted deployment for automatic deployment from source control, eliminates human error, and assures the configuration of deployed software.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
We identify and mitigate security issues using the following approach;
(a) we assess vulnerabilities by running automatic audit tools on the software to flag where known vulnerabilities exist and where patches are available.
(b) continuously check for known vulnerabilities against the software systems, components and libraries we use. We apply patches within two weeks to close known vulnerabilities. When no patches or updates exist we assess the risk of the vulnerability to determine the safest course of action.
(c) we get information from CiSP membership bulletins and by news bulletins from membership forums such as the International Systems Security Association.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Protective monitoring – in order to detect attacks and unauthorised activity on the service we employ a combination of automated audit logging and regular analysis of these. If a potential compromise is discovered we look more closely at audit logs and logins to determine if a compromise has actually occurred. In addition, we determine a risk score based upon 3 factors: the likely threats; the likelihood that there was a compromise; the impact of the compromise. We respond within 24 hours.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
We have a detailed incident response plan document covering processes for all events including common events
Users report incidents through the DPO in written form and verbally.
Incident reports are captured in written form and emailed.
1) The discoverer captures details and alerts the designated DPO
2) Incident analysed , categorised and recorded
3) Recommend changes to prevent propagation
4) Restore the affected system(s) .
5) Preserve evidence and permanent log of incident
7) Notify proper external agencies and customers as appropriate.
8) Review response and update policies—plan and take preventative steps so the intrusion can't happen again.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£15 to £150 per user per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||
The trial is available for full access to all the application features for four weeks duration.
This does not include;
a) bespoke requirements to enable access to the system
b) access to the support SLA
|Link to free trial||https://traqplan.com/|