Bestoutcome

PM3

PM3 is a cloud-based Project Portfolio Management tool (PPM) widely used in the NHS and other public sector organisations. It is easy-to-use and has been designed by project management practitioners for project management practitioners. PM3 focuses on ‘top down’ planning, savings tracking (including CIPs), governance and realising value from projects.

Features

  • Savings and benefits tracking
  • Project and Programme Gateways
  • Project, Programme and portfolio reporting
  • Resource and Capacity Management
  • Timesheet management including utilisation tracking
  • Risk, Assumptions, Issues, Dependencies and Decisions Log
  • Project, Programme and Portfolio Accounting
  • Project and Programme Plannning (top down and bottom-up)
  • Actions Management and Alerting
  • Project, Programme and Portfolio Dashboards

Benefits

  • Reduction of PMO time producing reports
  • Reduction of Project Managers' time producing reports
  • Dashboards are available in real-time saving time
  • Early intervention on failing projects due to PM3 alerts
  • Savings plans are accurate due to links to delivery plans
  • Savings due to improved utilisation of resources
  • Executives are more effective due to real-time information
  • Promotion of milestones supports programme managers' decision making
  • Gateway Management stops funding of projects with inadequate business cases.
  • Improved decision making due to 'one version of the truth'

Pricing

£8 to £75 per licence per month

  • Free trial available

Service documents

G-Cloud 10

434845989290188

Bestoutcome

David Walton

01753 885864

David.Walton@bestoutcome.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints To use PM3, all that is needed is a supported browser and a laptop or device that can access the internet. No other software or hardware is required.

Maintenance is performed out of hours so is not a constraint.
System requirements
  • Supported Browsers
  • Internet enabled device

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We respond between 2 working hours and 16 working hours, depending on severity. Our support services are available Monday to Friday 9pm to 6pm local UK time, (excluding public bank holidays).

Typically, our support team respond within 10 minutes of a ticket or support call being raised.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide Service Level Agreements as defined in the software contract. It is very rare for a client to require our technical team to attend their site to resolve technical issues, but we would charge for this service at rates shown in the Pricing Document. Every client has an Account Manager
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide on-site and remote training, and on-line videos which can be watched on-demand. User Guides including a quick-start guide are provided, and the product has an extensive on-line Help system. We also provide support to the client for planning their PM3 implementation.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction At the end of the contract users can extract their data in two ways:

1) We can provide a SQL Server Backup which the client's technical people can extract data from; and
2) Our Datamart product can extract all project data easily into Excel, PowerBI or a range of BI tools
End-of-contract process There are no additional costs at the end of the contract. At the end of the contract a customer can extract their data using Excel export of screens and we would then decommission the service.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service PM3 can be used on most mobile devices. Typically, it is used on Andriod and IOS tablets.

There is no discernable difference in accessing PM3 on a desktop or mobile device but if you are entering significant amounts of data we recommend the desktop devices.
Accessibility standards None or don’t know
Description of accessibility PM3 supports colour-blind users but we have not yet conducted testing with assistive technology users
Accessibility testing We have not yet conducted testing with assistive technology users
API Yes
What users can and can't do using the API PM3 Data is available for Management Information Analysis via SOAP and REST web services.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Many of the fields in PM3 can be customised by the user. User profiles may also be customised by the user. For example, User Interace groups can be created allowing different users to have access to different screens.

PM3 has many configuration options that the customer can change. We can also offer a cutomised consulting support model if required.

Scaling

Scaling
Independence of resources Usage of disk space and CPU are closely monitored. PM3 is installed on a virtual infrastructure allowing us to easily turn on more disk and CPU as needed.

Analytics

Analytics
Service usage metrics Yes
Metrics types We can provide metrics on demand of uptime of our service, number of user log-ins and user time on the system.
Reporting types Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach We have an API whereby users can extract their data into Excel or into a range of BI tools including PowerBI, business Objects, etc.

We can also provide a SQL Server Backup which the client's technical people can extract data from
Data export formats
  • CSV
  • Other
Other data export formats Excel
Data import formats
  • CSV
  • Other

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability SLAs for availability are specified in the software licences contract, and are summarised below :

- Non-resilient option: 99.87% avail; fee credit – pro-rated unavailable time of monthly charge
- Resilient option: 100% avail; fee credit – 5% of monthly charge for each 30 minute period
Approach to resilience Our hosting supplier, Pulsant, has robust procedures in place that ensure system and data resilience. Details of these procedures could be provided on request
Outage reporting We report any outages via e-mail alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Bestoutcome holds ISO 27001 certification for the design, development and testing of software, including sales and support of licensed software. This certification includes independent verification that we operate effective and sufficient processes for restricting access in management interfaces and support channels. This includes physical separation of the client databases.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 The British Assessment Bureau
ISO/IEC 27001 accreditation date 01/02/2018
What the ISO/IEC 27001 doesn’t cover Bestoutcome holds ISO 27001 certification for the design, development and testing of software, including sales and support of licensed software. Anything else is excluded.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Bestoutcome holds ISO 27001 certification for the design, development and testing of software, including sales and support of licensed software. This certification includes independent verification that we operate effective and sufficient processes for restricting access in management interfaces and support channels. This includes physical separation of the client databases.

We have a board member who is responsible for Security and we also have a Security Officer who reports to the Security Director.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Bestoutcome holds ISO 27001 certification for the design, development and testing of software, including sales and support of licensed software.
This certification includes independent verification that our Configuration and Change Management processes and tools are effective and sufficient. We can provide full details on request, describing how we use SourceSafe for code and release management, MozyPro for backup and restore, and Vipre anti-virus software for malware protection
Vulnerability management type Supplier-defined controls
Vulnerability management approach Bestoutcome holds ISO 27001 certification for the design, development and testing of software, including sales and support of licensed software.
This certification includes independent verification that we have effective and sufficient processes in place for vulnerability management. Security Issues are treated as Incidents. Security Risks are recorded in the Risk Treatment Plan (which is part of our ISO 27001 certified Information Security Management System) and are managed through the monthly Management Reviews.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Bestoutcome holds ISO 27001 certification for the design, development and testing of software, including sales and support of licensed software.
This certification includes independent verification that we operate effective and sufficient processes for protective monitoring. Our ISP is responsible for monitoring of the live servers, and their systems include DNS and virus protection. As part of our ISO 27001 processes we regularly review the log files on the servers for irregularities, and take appropriate measures to log these Issues and resolve them
Incident management type Supplier-defined controls
Incident management approach Bestoutcome holds ISO 27001 certification for the design, development and testing of software, including sales and support of licensed software. This certification includes independent verification that we operate effective and sufficient processes for incident management. Our Information Management Security System Policy includes the following statement “Any and all incidents must be reported immediately in the Information Security Officer. Incidents are recorded in the Issues Log. Bestoutcome’s primary goal is to re-establish secure access to the customer’s systems as rapidly as possible and ensure there is no loss of data or data integrity."

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks New NHS Network (N3)

Pricing

Pricing
Price £8 to £75 per licence per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Our free trial service is limited to 10 users and 2 months. We install a version of the software. We also provide training and support during the trial period.

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑