Traqplan limited

Traqplan Timelines, Resource Charts and Risk Management

Traqplan creates sophisticated timelines, roadmaps and resource charts by importing from Microsoft Project or allowing you to create directly. Used by project delivery functions for complex plans as well as HR, marketing, comms and strategy for simple plans.

Portfolios can be represented in a single plan-on-a-page.



  • Creates professional timelines with swimlanes across the portfilio.
  • Track changes against a baseline for multiple views
  • Establishes one source of truth for project planning.
  • Create simple plans for non-project professionals.
  • Centralises risks for easy management and tracking across diverse teams.
  • Automatically creates resource charts across the portfolio.
  • Extremely simple user interface provides simpler alternative to MS Project.
  • Can be hosted on platforms accredited to SECRET.
  • All data is encrypted at rest and in transit.
  • Visually create milestones and activities plan on a page.


  • Standardises the timeline view across the portfolio and department.
  • Centralises the location of plans within the department.
  • Establishes one source of truth.
  • Reduces the learning curve for rapidly onboarding EO grade planners.
  • Improves resilience within the planning team as staff move.
  • Creates powerful rapid feedback loop between PMO and project teams.
  • Reduces reporting burden on teams and enables faster reporting cycles.
  • Removes human error within the PMO when updating plans.
  • Centralised risk register helps standardise risk management across the department.
  • Enables collaboration between colleagues working locally and overseas.


£15 to £150 per user per month

Service documents


G-Cloud 11

Service ID

4 3 1 2 8 7 8 7 0 0 0 3 4 6 6


Traqplan limited

Colin Ward

07825 883 159

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Microsoft Project
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints Requires google Chrome, Firefox or Microsoft Edge web browser to run.
System requirements Requires software licences to be bought.

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times We offer different response times based on the criticality of the issue as identified in the support request.

1) Business Critical – Your normal service requires urgent support to perform essential duties. Response time within 2 hours.

2) Material Fault - Interruption to normal service – You are still able to perform the majority of business functions. Response time 4 hours.

3) Cosmetic Fault - 8 hours

4) Change request - 8 hours

We do not offer weekend support as standard.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We offer one support structure which allows the user to purchase a "package" of days with volume discount

Support Package Costs:
1 day £1500
5 days £6000
10 days £11,000
15 days £15,750
25 days £25,000
35 days £33,250
50 days £45,000
75 days £63,750
100 days £80,000

We also offer packages of classroom training specific to the traqplan software which can be more cost efficient for larger groups of people;

Prices for training courses;
1 training course £1200 per course.
2 courses £1100 per course
3 courses £1000 per course
5 courses £900 per course
10 courses £800 per course (covers 80 people)
15 courses £700 per course (covers 120 people)

We appoint a technical account manager to a customer .
We do not offer weekend support as standard.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide onsite training, access to video tutorials and documentation.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction The users can extract their data by requesting it via email.
End-of-contract process At the end of contract the user login access is removed, and the customer details are deleted. There is no additional cost.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
Service interface Yes
Description of service interface The interface to the service is via a web domain which provides login via OAuth2. This login can be integrated with the customer secure services such as Okta , or via an OAuth2 provider. On logging in the user can access their organisation account. The service is only available through web browsers and the data and usage is not suitable for smaller screens such as smart phones.
Accessibility standards None or don’t know
Description of accessibility All of our graphical elements have textual descriptions.
Our control buttons have text embedded in the button and the menus are plain text.
Our application is not intended to generate a sensory experience.
We provide training material in video format with audio, however for accessibility this is also made available in written format (pdf) with textual descriptions.
Accessibility testing We have tested with an experienced user of JAWS (assistive technology for the visually impaired experienced). While the tool itself can read lists we were provided feedback that the nature of our application is extremely graphical and indeed the purpose of our application is to convert tabular textual data into graphics. The JAWS application works better with the raw data which we use as input, therefore users of assistive technology would read the raw source data we use as input which is readily available.
Customisation available Yes
Description of customisation Administrators can add normal user accounts;
All users (both administrators and non-admin) can tailor the views they wish to create, and can save bespoke views of their plans and data.
The type of customisation they can achieve includes completely designing their own views and saving multiple views, changing symbol colour , shape and text descriptions. They can change the plan activity bars colour, size and text descriptions.

Customisation is all done view the web browser user interface graphical user interface.


Independence of resources Traqplan is a Cloud Native architecture, consisting of containerised micro-services, and is designed for horizontal scaling. Resources can be scaled to meet demand.


Service usage metrics Yes
Metrics types We can provide metrics on file upload data and time.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users export their data by printing it from within the application. This can be printed to hard copy or to pdf or softcopy using export function provided.
Data export formats
  • CSV
  • Other
Other data export formats
  • Pdf
  • Hard copy
  • Excel
Data import formats Other
Other data import formats Microsoft Project files

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We use Microsoft Azure as our hosting environment and pass through the following service level agreement commitments;

99.9% availability of service and data
If less than 99.9% availability per month we will return 10% service credit
If less than 90% availability per month we will return 25% service credit
Approach to resilience We prefer not to make this information public, and we will provide this information on request.
Outage reporting We report outages via email alerts to the designated customer administrators for the application service.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Other
Other user authentication We can also integrate with any organisations bespoke authentication service.
Access restrictions in management interfaces and support channels Access to management interfaces and support channels is controlled and restricted using role based access controls.
Access restriction testing frequency At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Less than 1 month
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Less than 1 month
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials Certification

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We are working towards ISO27001 standards and our processes are aligned towards this. Our processes outline responsibility towards security throughout the company and supply base with security terms built into contracts and training rolled out internally. Our governance against our processes is led from the top of the company down with CEO and CTO ensuring regular audits are performed. Our incident response process ensures transparency with our customers and builds in lessons learned for continual improvement. These policies are built into our security policies and adherence to our policy standards (or similar) are built into service contracts and employment contracts.
Information security policies and processes Our security policies are based on ISO27001 standards as we are working towards ISO27001 certification.

Our documented policies include the following;
(1) Information Security Policy (ISP ) which outlines the security framework, leadership commitment, organisational aspects and operational assurances we are committed to performing.

(2) Information Security Management System (ISMS) which goes into specific detail across a broad range of areas per ISO27001 and how we conduct ourselves.

(3) Incident Response Plan which outlines how we respond when an incident is found and repeats our commitment to transparency with our customers and how we involve outside agencies where appropriate including ICO, law enforcement and the customers.

(4) Risk Management Process which defines how we assess and pre-empt security risks.

Reporting Structure
Our policies define that security is led from the top of the company ultimately through the CEO and CTO, and evidence of adherence to security policies is a standing agenda item in the company board reviews. The incident response plan defines the reporting of incidents from the point where the incident was noticed directly through the named data security officer and CTO with the CEO being informed of every incident.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach New Development or infrastructure: Board reviews major choice of infrastructure.

Quality Testing: Systems components are selected and regularly reviewed for currency, regularity of updates and industry wide adoption. Our system updates do not depend on board review for approval and can be rolled out in faster controlled process to respond to security threats.

We test all changes in a test environment before deploying them to live production systems.

We use role-based access to control authorisation to change production systems.

Scripted deployment for automatic deployment from source control, eliminates human error, and assures the configuration of deployed software.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We identify and mitigate security issues using the following approach;
(a) we assess vulnerabilities by running automatic audit tools on the software to flag where known vulnerabilities exist and where patches are available.
(b) continuously check for known vulnerabilities against the software systems, components and libraries we use. We apply patches within two weeks to close known vulnerabilities. When no patches or updates exist we assess the risk of the vulnerability to determine the safest course of action.
(c) we get information from CiSP membership bulletins and by news bulletins from membership forums such as the International Systems Security Association.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Protective monitoring – in order to detect attacks and unauthorised activity on the service we employ a combination of automated audit logging and regular analysis of these. If a potential compromise is discovered we look more closely at audit logs and logins to determine if a compromise has actually occurred. In addition, we determine a risk score based upon 3 factors: the likely threats; the likelihood that there was a compromise; the impact of the compromise. We respond within 24 hours.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We have a detailed incident response plan document covering processes for all events including common events

Users report incidents through the DPO in written form and verbally.

Incident reports are captured in written form and emailed.

Our process;
1) The discoverer captures details and alerts the designated DPO
2) Incident analysed , categorised and recorded
3) Recommend changes to prevent propagation
4) Restore the affected system(s) .
5) Preserve evidence and permanent log of incident
7) Notify proper external agencies and customers as appropriate.
8) Review response and update policies—plan and take preventative steps so the intrusion can't happen again.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £15 to £150 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial The trial is available for full access to all the application features for four weeks duration.

This does not include;
a) bespoke requirements to enable access to the system
b) access to the support SLA
Link to free trial

Service documents

Return to top ↑