Bubble Innovator Ltd

Bubble Innovator™ PPM - Project Portfolio Management Software

Innovator™ PPM is a powerful project and portfolio management software. Dashboards and metrics provide outstanding visibility and control for senior management, while process models support project governance and team collaboration. A single source of truth for fact-based decision making and project management, it’s highly configurable, quick-to-deploy, easy-to-use and well supported.


  • Portfolio Dashboards (Fully configurable to plan / monitor investments)
  • Real-time Portfolio Analysis & Scenario Planning Tools
  • Roadmapping tools (e.g. Strategy / Service / Technology Roadmaps etc)
  • Supports Waterfall, Agile and hybrid project management processes
  • Business Case, Financial and Risk Management tools
  • Project Selection and Prioritisation tools (e.g. Balanced scorecards)
  • Project Process Governance and Management
  • Fully configurable Metrics (e.g. 1-click Chart builder / Reporting tools)
  • Resource, Task & Capacity Management Tools
  • Personalised / Team Task Lists, Timesheets, etc.


  • Better performing portfolios (in both the short and long term)
  • Productivity and efficiency gains across all projects
  • A flexible and usable system that’s quick to deploy
  • Improved visibility and control at both portfolio & project level
  • Forecast future resource needs and ensure they are balanced
  • Ensure projects align to strategic goals and interdependencies are clear
  • Shorten project leadtimes
  • Highlight, monitor and manage Project Risks
  • Streamlined / simplified reporting at both portfolio & project levels
  • Multi user and remote access to aid team collaboration


£6 to £45 per person per month

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

6 2 1 8 4 9 1 5 1 7 1 1 9 9 8


Bubble Innovator Ltd

Peter Hoyland

+44 (0)1223 852664


Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
Bubble PPM software has a better than 99.9% availability record, including minimal downtime for scheduled upgrades.
System requirements
Modern Web Browser (IE9 or later, Chrome, Safari, Firefox etc)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our cloud software includes: Live user support desk, help site and ticket resolution, and a Personal account contact point (for system Administrators). Support requests and tickets are monitored continuously (including weekends/public holidays - during which time urgent/critical requests are addressed).

Bubble have 4 support level standards for response. Severity 1 incidents are addressed 24 x 7. All other severity incidents are supported 07:00 – 18:00 (GMT) Mon – Friday. During this time, we have a target response time of 1 hour for severity 2-3 incidents.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
During the deployment phase of our software, the following support is provided as part of the one-time set up fee:
• Initial system configuration
• Setting up of the customer data archives
• System validation
• Deployment of the customer instances (Production and Test)
• Initial user training for up to 50 users.
• Support for initial population of system data

Additional user training, if required, can be organised separately via Cloud Support.

Once deployed, the following support is provided as part of the license fee, at no additional cost to the customer:
• A range of on and off-line training support materials (e.g. Quick Start Guides, Help Sheets and ‘How-To’ Manuals)
• Online help site
• Live help desk (e.g. direct emails and ‘feedback’ button)
• All clients have an Account Manager with whom they can address all aspects of the software and service.
Support available to third parties

Onboarding and offboarding

Getting started
Bubble Innovator™ PPM software deployments are performed by our specialist consultants who work with each customer to define a configuration document. Through this process, we identify deployment objectives; process scope; process models; financial models and metrics; training and technical support needs.

Each implementation is configured to suit the individual customer's needs, so there is no absolute rule for timings of deployment. However, depending on the degree of configuration required, an initial instance of the Bubble PPM software can be made available to system administrators within 2 weeks of the award of the contract, and a fully configured system is usually ready for deployment within 6-8 weeks.

The deployment process focuses the customer’s implementation needs and the formalization of delivery requirements. This commonly includes workshops to define:
- Process models
- Roles and responsibilities
- Financial models
- Resource management
- Governance and relevant business processes
- Metrics, dashboards, and reports
- Interfaces with other processes
- Training and roll-out planning

Once the system has been configured we go through a sequence of:
- User acceptance testing
- Training for users
- Training for Administrators/superusers
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Bubble will make all reasonable efforts to provide data in a format that customers require. Our Bubble Innovator™ PPM software has a number of existing API endpoints that can be utilised by 3rd party applications to transfer data to, and read from, the system (e.g. retrieve detailed project and financial data from the system and / or export data to other systems).

Almost all data can be accessed via report building function and this can always be exported into Excel.
End-of-contract process
Upon termination of the Bubble Innovator™ PPM Cloud Software contract, the customer can access:
• A secure site to retrieve archive export file of data for 60 days.
• Relevant files, logs, configuration data such as:
- Database data
- Database metadata
- Document attachments
- Customer specific application archives

During this time the Bubble support team remain available remotely to assist with general customer inquiries or questions (at no extra cost). On-site or bespoke requirements (outside the remit of the original contract) incur an additional charge.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Desktop service is usable on mobile devices.
Service interface
Description of service interface
As an end-to-end Project and Portfolio Management web application, Bubble Innovator™ has multiple service interfaces. The system includes a range of text, data and image based modules/sub-modules.
Accessibility standards
None or don’t know
Description of accessibility
Generally speaking all modules (and sub-modules) are broadly accessible, but due to the multifaceted nature of the software, some advanced functions are not compliant with WCAG guidelines.
Accessibility testing
Have carried out limited selenium tests on main modules within the application.
What users can and can't do using the API
We use our API to integrate and interface with a variety of 3rd party tools. Access to our API is defined as a custom configuration and is not controlled directly by system users.
API documentation
API sandbox or test environment
Customisation available
Description of customisation
Bubble PPM software offers a very high degree of configurability at both the system and individual user levels. This includes, but is not limited to, configurable:
• Portfolio & Project Dashboards.
• Process Templates.
• Planning Tools (i.e. Roadmaps, Scorecards etc).
• Charting & Reporting Templates.
• Project & Delivery Milestones.
• Project Descriptors.
• Allocation of Resources / Tasks.

In addition, there is a finely grained permissions system that enables the client administrators to control access and functionality levels for every user.


Independence of resources
As a web-based system, Bubble PPM allows simultaneous access, communications, and project progression. There is no upper limit to the total number of users, user types or projects that the software can support at a given point in time.

Our AWS hosting enables us to scale our capacity at will.


Service usage metrics
Metrics types
The application monitors and logs all user access. System access and service usage metrics are restricted to Super Users / Administrators. Other user types are governed by the Bubble Innovator™ PPM permissions model (e.g. most user types can select a wide range of project and portfolio metrics, such as project progression status, completed tasks & milestones/risk flags and other information). Permission to view metrics data can be granted to users on a per-project basis or by role type.
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach
Bubble PPM data is stored on Microsoft SQL Server database instances provided by AWS Relational Database Service (RDS). These instances are upgraded automatically by RDS when new versions of SQL server are available.

Data is encrypted both in transit between the database and application layers and at rest in the database. RDS provides the capability to restore the database to any point in the last 35 days to a 5-second resolution. Full database backups are exported every 3 hours to S3. These backups are stored for 5 years.
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be seen live and at all times within the system or exported in a variety of common formats. There are a number of standard project reports available via a 1-click download feature. This includes project-to-a-page, launch / go-live reports, and key milestone reports.

The report builder tool also allows users to select any metric, data table or project information to create bespoke tabulated or chart views and reports. Exports are configurable and provide options for numeric, text commentary, status summaries, and RAG indicators etc. Output formats are editable Excel spreadsheets, or PDFs
Data export formats
  • CSV
  • Other
Other data export formats
  • MS Excel (e.g XLS / XLSX)
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • MS Excel (e.g. XLS / XLSX)
  • Images can be uploaded in Tiff, JPEG, PNG formats
  • Attachments can be uploaded in any desired format

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
Service is provided over the internet, traffic is encrypted by SSL / TLS
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
All core infrastructure underlying Bubble PPM is provided by Amazon Web Services (AWS) in their EU West service region (Ireland). AWS holds ISO 27001 certification.

Availability and resilience

Guaranteed availability
Bubble Innovator™ PPM software has a better than 99.9% availability record, including minimal downtime for scheduled upgrades.
Approach to resilience
Bubble Innovator™ PPM software is designed as a distributed system. We have global server availability and in the event of an emergency can have services back up and running in a matter of minutes.

Bubble Innovator™ PPM component servers are backed up to full images regularly. These images are stored in geographically redundant locations and can be used to bring up replacement application instances at short notice in the event of an instance failure.

Customer data (such as images and spreadsheets) is backed up daily to AWS Simple Storage Service (S3). The data centre is protected by fire suppression and detection systems, climate and temperature controlled, and powered by generators in the event of a power failure.
Outage reporting
In the unlikely event of a system outage, Bubble have a procedure in place to alert users. Administrators / Super Users and key contacts would be sent an e-mail alert from a recognised contact within the Bubble support team.

Bubble's e-mail system resides on servers which are unrelated to our application servers.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Data input is only permitted from authorised users and only authorised users can view system output. Designated system administrators have access to a detailed permissions system which can control user access to both project and system level content.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ACS Registrars Ltd
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
All data handling operations at Bubble are covered by our ISO certification (e.g. payroll, application development, data transport security etc).
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Amazon Web Services (AWS) holds ISO 27001 certification.

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Bubble have a documented framework for security governance, which includes the security policies set out in the following section.

All computers used to develop Bubble PPM or administer the PPM network and components are encrypted. Passwords are stored in industry-standard password management software.

Access to administrative interfaces is restricted to personnel with a valid requirement and secured with multi-factor authentication. New staff references are checked and verified.

When staff leave, a security procedure takes place to revoke and disable access to our systems.

Daily briefings allow ad-hoc security-related issues to be discussed between teams and leaders of the business.
Information security policies and processes
Bubble has written policies (available on request) governing key aspects of information security relevant to the service. They include policies on:

• IT Security
• Security Awareness and Communication
• Logical Access
• Physical Access
• Security Monitoring
• User Authentication
• Incident Management
• Asset Classification and Management
• Systems Development and Maintenance
• Personnel Security
• Change Management

Separate policies cover our development and administration processes, technical infrastructure, networking, application layer frameworks.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Bubble track all changes to the system via a weekly system change log. Any changes to the system are assessed for security impact by development and security administrators. Additionally, user requests, development projects and bug fixes are recorded in an issue tracker ticketing system.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Bubble undertake vulnerability scans, keep track of vulnerability announcements and monitor information about potential threats from security mailing lists (e.g. USCERT). Where any potential vulnerabilities are identified, patches are applied as appropriate in a timely manner.

Incoming traffic to Bubble PPM is routed through:
a) AWS Web Application Firewall which automatically blocks IP addresses making requests at an excessive rate.
b) AWS CloudFront which protects internal Bubble PPM components from common forms of DDoS attack such as UDP reflection and SYN floods.
c) Nginx which directs traffic to the necessary Bubble PPM component and log unusual requests.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Includes OSSEC HIDS (Host based intrusion Detection System), Trend Micro security suite and Nagios.

All services are hosted inside an AWS Virtual Private Cloud (VPC). Traffic between infrastructure components (e.g. database instances) is routed over private network links, not over the Internet, and is encrypted where appropriate. Routing tables are configured to prevent inappropriate data egress and connections to internal Bubble Innovator™ components.

All traffic is encrypted using SSL/TLS encryption configured to TLSv1.2 and modern cipher suites to prevent common SSL attacks such as POODLE. The same encryption technologies are used to protect traffic between Bubble Innovator™ and its users.
Incident management type
Supplier-defined controls
Incident management approach
Data can only be viewed by authorised users. Unauthorised access attempts result in an account being locked until an administrator confirms the user’s identity/resets access. Security Groups, which block/allow traffic based on originating/destination IP and port, provide additional protection. In the unlikely event of an incident or breach, notifications are sent to administrators (by OSSEC) for investigation. E-mails are sent to affected users and communications continue until the issue is resolved.

System data is secured against accidental/intentional loss. The only personal data stored by Bubble is the username/email address. The feedback system allows users to communicate concerns at any time.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£6 to £45 per person per month
Discount for educational organisations
Free trial available
Description of free trial
Limited trial access is available on a case by case basis (where requested). We also provide in-person extended/rich demo's that cover specific modules or the software as a whole.

Service documents

Return to top ↑