Asset Handling Ltd

Programme Insight Manager

Programme Insight Manager or PIM, is a Software as a Service Solution designed to give businesses a full real time view of all projects, accessing all key project information from a single source of the truth integrated with existing systems.


  • Data Warehouse to provide single Source of the truth
  • Full portfolio Management
  • Risk and Change Management Modules
  • API's to Connect to Multiple Data Sources
  • Sign Posting of issues and early warnings before they arise
  • Lessons Learnt Module
  • Executive reporting, Dashboards, including Self Service BI Tools
  • View and Update Planning tools such as Primavera P6
  • Commentary Artificial intelligence
  • Data Science models to predict success & failure


  • Application allows view and update schedule information
  • Provides single source of consolidated project information
  • Reports are generated in PIM which can be run/scheduled
  • Tetris reports provides visual report of project performance
  • Earned Value methodology with metrics calculated automatically
  • Risk register provides monte carlo risk functions to predict impact.
  • Commentary shows on the relevant performance reports
  • lessons learnt, successes utilised to refine project plans
  • Extracted data from source systems in to a SST
  • Automation and Validation of data quality and integrity


£4000 per instance per month

Service documents


G-Cloud 11

Service ID

5 0 5 1 8 7 7 8 1 5 3 3 0 1 2


Asset Handling Ltd

Stephen Harrison

0845 075 5886

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No Constraints as we can configure PIM to a clients requirements
System requirements
  • Internet Access
  • Internet Browser IE8 or above or Microsoft Chrome

User support

User support
Email or online ticketing support Email or online ticketing
Support response times As per customers SLA requirements, we can provide responses to suit the need of the customer
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AAA
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.1 AAA
Web chat accessibility testing We use Skype for Business, we can use Skype for business to screen share and or control a users machine.
We do this normally to help users understanding of how to do a task in AIM if they are a new users
Onsite support Yes, at extra cost
Support levels Our SaaS Monthly fee covers all software related support and the cost of account management and meetings.
We charge our customers for any customisation that they want for the specific instance of the application
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Design including workshops to identify the different source systems, data flow, mapping and reporting requirements.
PIM configuration of required modules with user testing against their data sets.
Administration and End User Training on or off site including "train the trainer" approach.
Customise user documentation to align with client business processes.
Early life support, to ensure that appropriate levels of support are provided during stabilisation and that issues are addressed quickly and knowledge is transferred to PIM “super users” and system administrators prior to final handover
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction ETL and batch processes terminated.
Users deleted and data archived / destroyed depending on client requirements.
Additional cost if data extracts required in client specific format.
End-of-contract process Batch process stopped, data requested fulfilled.
Users deleted
Data Destroyed

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Service interface No
Customisation available Yes
Description of customisation The PIM application can be configured by the user for the following:
Field Names / Region Names / Menu Items / Security matrix / Add custom fields / Grid Entry Forms
Users can customise the application by developing their own reports and dashboards in PIM's integrated BI tool and deploy to PIM for standard user access.

Asset Handling's development team will customise standard integration interfaces and application functionality to meet client specific requirements.


Independence of resources We have a scale-able infrastructure provided by AWS which allows us to increase storage space and processor power to the demand required with no physical hardware


Service usage metrics Yes
Metrics types We log each action of each user, we produce a monthly report of user logins to the customers so they can see if the users are using the system
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach The application features an export data functionality on each page, this allows users to download the data in the following formats.
Microsoft Word
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Application
Type Impact Prioritisation Response Resolution Support Cover

Business Non Critical
Service unavailable for
> 50 users
30 mins
8 hrs Mon - Fri 8am to 6pm
Service unavailable for
< 50 users
1 hr
8 hrs Mon - Fri 8am to 6pm
Impact Prioritisation Response Resolution Support Cover

Service unavailable for up to 50 production users
Approach to resilience Available on request from GTT, our managed service provider with key information regarding DR and failover between data centres available in MEC Business Continuity Plan FAQ vf10.pdf, example including: GTT operates a range of threshold monitoring across the MEC platform and associated systems to assure service quality and operations with defined Event and Incident Management protocols. These alerts are categorized and prioritize based on the service impact: Critical, Major, Standard. Critical incidents have the greatest impact to service operations and represent service disruption. Any impact to service operations is processed as a “Critical” incident impact, with any platform ‘Critical’ incident impacting multiple customers initiating a critical continuity response and MEC platform failover. From initial detection of platform ‘Critical’ incidents, GTT Operations Centres would apply our continuity controls with a 4 hours RTO target to restore platform and service continuity. Throughout these activities our continuity response would provide service communications.
Outage reporting We alert users by email of any planned or unplanned down time.
Calls are also made by the account manager to the senior contact for the customer

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels TLS with user name and password
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS International
ISO/IEC 27001 accreditation date 27/02/2018
What the ISO/IEC 27001 doesn’t cover Nothing
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Asset Handling have the following security policies and processes as part of ISO 27001:
- Information & Security policy
- Data Attack preparedness and response process
- Data Security Breach Incident management policy
Incident response is conducted by the Directors of the company with input from other members of the technical team dependent on the type and scale of the issue with policies reviewed and testing completed annually, as a minimum.

As part of staff on-boarding, we educate staff of the importance of updated security measures and trains them to respond to computer and network security incidents quickly and correctly

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Our software development policy covers requirements analysis, systems development and change and release management including: o 1 Major release every 2 years o Up to 4 Minor releases per year o emergency fixes in between o agreed with clients in advance Our change management process covers: - Create request for change in CRM (RFC) - Review / evaluate request for change - Approve / Authorise / Reject change - Coordinate change implementation - Close change request Our release management process covers: - Build & test release - User Acceptance Test - Prepare and deploy release - Update configuration management database
Vulnerability management type Supplier-defined controls
Vulnerability management approach We have adopted a patching strategy with our 3rd Party Managed Service provider Interoute, who are responsible at an OS and application server level, to ensure that relevant patches are applied on a regular basis. IAM will assess the patches and apply as part of the agreed strategy with the recommendations for patch management provided as part of the quarterly scheduled Health Check services and delivered to the production system under strict change control. Information regarding potential threats are received from our infrastructure teams as well as partnerships with 3rd part technology providers.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Regular testing is performed by accredited external consultants to deliver a programme of testing against our applications, covering: • Any weaknesses that may be present which could be exploited by an attacker aiming to compromise Asset Handling systems and data • The threats facing Asset Handling information assets • That Asset Handling's security expectations and requirements are being met. • That a thorough and comprehensive penetration test has occurred. • To adopt best practice AH will analyse the weaknesses detected and evaluate the impact associated with each security weakness and implement any recommendations for mitigating the risks with the vulnerability.
Incident management type Supplier-defined controls
Incident management approach On a daily, weekly and monthly basis, health checks are run on the systems to ensure they are running as expected, including automated notifications. Our incident reporting process is summarised as: - Incidents are raised on the company service desk run (logged by phone / email / web) - The incident is then assigned with an email sent directly to the client - The incident log is updated with all actions - At resolution, an email is sent that the incident has been resolved. Monthly SLA reports are available covering service desk requests as well as availability summary reports.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £4000 per instance per month
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑