Brightwire

Project HUB - Project Management in SharePoint

Brightwire's SharePoint ProjectHub provides a central way of managing projects, stores project documents and provides project performance reporting. It helps our clients to categorise, manage and run projects whilst transforming the way people collaborate, creating efficiencies in workload and providing valuable insight into projects for Senior Management.

Features

  • Project portfolio management
  • Budgetary insight
  • Control over project resource allocation
  • Insight into project statuses
  • Integration-capable with other line of business applications
  • Flexible system can be tailored and adapted
  • Categorised levels of projects with customisable views
  • Management of the project lifecycle from concept to delivery
  • Systems integration with other line of business applications
  • Workflows and automation

Benefits

  • Increased staff productivity
  • Users work better and more effectively
  • Improves agility through better data insight
  • Streamlines and supports business process improvement
  • Improved team collaboration with easy to use tools
  • Project specific templates automatically created
  • On-demand access to business analytics and data
  • Project timeline and task management
  • Easily manage security and user permissions
  • Migrate data from existing SharePoint environment and network file shares

Pricing

£675 per person per day

  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

4 4 3 1 4 0 2 3 0 8 4 1 1 1 3

Contact

Brightwire

Clare Millar

0131 541 2159

clare.millar@brightwire.net

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to SharePoint and Dynamics365 consulting and custom development; business transformation and internal communications consulting.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints Clients have a choice of deployment and support models depending on organisational and infrastructure requirements.
System requirements
  • Office365/SharePoint environment
  • Office365, 2016, 2013, 2010
  • Latest versions of Mozilla Firefox, Google Chrome, Apple Safari
  • Processor - 1.9 (GHz) x86 or x64-bit dual core processor
  • Memory - 2GB RAM
  • Display - SuperVGA with a resolution of 1024 x 768
  • Bandwidth greater than 50 KBps (400 kbps)
  • Windows 10 - Internet Explorer 11 and Microsoft Edge
  • Windows 8.1 - Internet Explorer 11 and Microsoft Edge
  • Further information on the Microsoft site: https://docs.microsoft.com/en-gb/sharepoint/

User support

User support
Email or online ticketing support Email or online ticketing
Support response times There are defined SLAs and Out of hours support models covering weekends and bank holidays. Support incidents are classed in three categories (Level 1 Critical, Level 2 Major and Level 3 Minor) each with four defined stages. A Level 1 incident has a maximum response time of 1 hour. Our support desk runs within office hours for the majority of clients, with year-round out of hours support also available on request.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Support levels are based on an agreed allocation of time per month, with time reporting to indicate usage. Support can be scaled back or topped up accordingly. Support is based on a day rate. For out of hours support this cover is based on the client's need and an appropriate cost is calculated. We have clear support procedures in place and a technical account manager as well as a nominated support engineer are both provided as part of the support agreement.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We offer a variety of training plans to help users start using the service. Some training is face to face for administrators but we have extensive user based online training for our SaaS offerings. User documentation is provided where required in electronic format. Onsite training: provided to groups of trainees who are usually split by administrative and user type. We recommend a 'train the trainer' approach with advocates who will be the key 'go to' people within the organisation, and provide floorwalking. User guides: these can either be documented or video guides for users and contain quick tips and handy reference information. Online training: we can provide online training if required - typically to larger groups of users. The level of onboarding and offboarding support depends on the customer's requirements. We can provide full support for organisations where there is an organisation-wide rollout, as well as pilot or trials within a specific business area.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
  • Word
  • Video/Multimedia
End-of-contract data extraction All data can be exported as a SQL Server database backup or via reporting tools, or can be exported or replicated to an environment such as a Microsoft Azure SQL Database store in a customer-owned Microsoft Azure subscription. The way in which we would recommend this be done would depend on customer need and the target environment.
End-of-contract process The support agreement would normally allow for basic handover at contract end - however if there were more specific or custom requirements (such as a new target environment to which to replicate) then these would be assessed and a cost agreed with the Client. Brightwire will provide appropriate assistance to the client to extract any data or move to another supplier as required.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Service interface Yes
Description of service interface SharePoint provides a service interface out of the box to enable management and configuration of sites and users.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing Extensive testing has been done by Microsoft to ensure compliance with accessibility guidelines. Conformance reports can be found here: - https://www.microsoft.com/en-gb/Accessibility/accessibility-conformance-reports - https://www.microsoft.com/en-us/trustcenter/compliance/compliance-offerings/wcag - https://cloudblogs.microsoft.com/industry-blog/government/2018/09/11/accessibility-conformance-reports/
API Yes
What users can and can't do using the API A variety of functions can be performed using the Web API and these depend on client need. This allows users to work with content, media, and users via a REST API
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Brightwire's SharePoint Projects Hub can be extensively customised to suit client needs. A range of areas can be customised - ranging from simple to complex workflows, triggers and notifications (as examples).

Scaling

Scaling
Independence of resources There are multiple deployment routes - each of which would be assessed in the light of specific functional and non-functional requirements such as performance. Performance can be affected by user bandwidth/connectivity as well as network capacity. We implement techniques to improve application performance and can recommend hosting models that will reduce the risk of load that negatively impacts performance.

Analytics

Analytics
Service usage metrics Yes
Metrics types Service usage might apply to two scenarios - the behaviour of the users consuming the service, on which analytics can be provided, and/or the draw-down of the support time allocation, analytics for which are typically provided on a monthly basis.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach All data can be exported or replicated to an environment such as a Microsoft Azure SQL Database store in a customer-owned Microsoft Azure subscription. The way in which we would recommend this be done would depend on customer need and the target environment.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Excel
  • Various formats can be exported
  • XML and database backup
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Excel
  • JSON
  • Various formats can be exported from Dynamics365
  • XML and database backup

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability For Microsoft SharePoint and 365 licensing the Microsoft guarantee for service level uptime is 99.9%. Should the service fall below this in a given month then a credit will be given against the applicable month's subscription fee.
Approach to resilience Microsoft 365 and SharePoint offerings are delivered by highly resilient systems that help to ensure high levels of service. Service continuity provisions are part of the 365 system design. These provisions enable 365 to recover quickly from unexpected events such as hardware or application failure, data corruption, or other incidents that affect users. These service continuity solutions also apply during catastrophic outages (for example, natural disasters or an incident within a Microsoft data center that renders the entire data center inoperable). The Microsoft 365 and SharePoint Online service is designed to provide a high degree of security, continuity, and compliance—service goals that are derived from the Microsoft Risk Management program. Further information is available here: https://docs.microsoft.com/en-gb/Office365/securitycompliance/office-365-data-resiliency-overview
Outage reporting Administrator dashboard with alerts and notifications (email and online). Outages are reported through the Office 365 admin center. Clients can see the current and historic service health, and planned maintenance. Further information is available here: https://docs.microsoft.com/en-us/office365/enterprise/view-service-health

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Admin access is limited by role based controls built into the software to ensure that only users with appropriate rights have access to management functionality. Users are authenticated by using an Office 365 account (Office 365 licence not required). Authentication can be handled in a variety of ways depending on how a client wishes to manage access, including multi-factor authentication.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI - see website for Office365- Certificate Number IS 552878
ISO/IEC 27001 accreditation date 15/10/2016
What the ISO/IEC 27001 doesn’t cover In scope: The management of Information Security Management System (ISMS) for Microsoft Office 365 Services development, operations, support, and protection of personally identifiable information. The underlying platform is accredited to ISO27001.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We follow ISO 27001 methodology for policy and processes, and ensure that this is mapped closely to the Government's Cloud Security Principles. We have a defined reporting structure in place with ultimate responsibility for security and compliance resting with the CTO.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We follow a structured change procedure, which provides a high degree of management and quality of output with a controlled approach to changes in scope – it being essential to track changes and ensure that all amendments are assessed and authorised. Specific processes for change management are as follows:
Request: Initiation of a change with a request for change (RFC);
Classification: Assigning a priority to the change after assessing its urgency and impact;
Authorisation: Processing the RFC through to the change advisory board;
Development: Developing the change, release management;
Release Management: Releasing the change for testing;
Review: Conducting post-deployment review.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We have a policy of applying all Microsoft related security patches within a day of them becoming available. For our hosting environment we subscribe to VMWare notifications and apply these to our private cloud environment within 3 days of them becoming available. For other general software that we use such as Umbraco we subscribe to notification lists and deploy these based on a triage of the exposure and risk and a prioritisation. Critical updates are always deployed as soon as they become available and always within a 4 hour window.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We have a policy of applying all Microsoft related security patches within a day of them becoming available. For our hosting environment we subscribe to VMWare notifications and apply these to our private cloud environment within 3 days of them becoming available. Critical updates are always deployed as soon as they become available and always within a 4 hour window. Office 365 runs multiple layers of antivirus software to ensure protection from malicious software. Servers within the Office 365 environment run anti-virus software that scans files uploaded and downloaded from the service for viruses or other malware.
Incident management type Supplier-defined controls
Incident management approach Users report incidents online using our incident reporting tool or by phone or email if required. We have specific processes that are triggered by incidents being reported to us which are followed and users are able to track and monitor the incident as it progresses through the SLA that corresponds to its priority. For outage incidents with SharePoint/Office 365 that are Microsoft related, the administrator will receive alerts and be able to raise issues using the administration dashboard. All incidents are followed by an incident report explaining what happened and what action is to be taken to prevent a reoccurance.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £675 per person per day
Discount for educational organisations No
Free trial available Yes
Description of free trial A vanilla free trial (i.e. without customisations) is available for a duration of 30 days.

Service documents

Return to top ↑