Tisski Limited

PROJECTFORWARD: Microsoft Dynamics 365 for Project Management in the Public Sector

Tisski provide a total Microsoft Dynamics 365 project and programme management solution, designed to meet the needs of organisations within the public sector. Our pre-configured solution (Projectforward) supports management, resourcing and monitoring of projects and programmes of work through project service automation, addressing the key needs of public sector organisations.

Features

  • Dynamics 365 solution adapted specifically for public sector project management
  • Monitoring and analysis of strategic project objectives and outcome measures
  • Project and Programme level analytics and dashboards
  • Projectforward provides public sector project risk and issue management
  • Microsoft Dynamics 365 ensures excellent project planning and budgeting
  • Programme funding stream and contract management
  • External access to project details via Dynamics self-service portal
  • Resource Management, Scheduling, time tracking and Skills Profiling
  • One complete automated platform fostering productivity, intelligence and security
  • Integration with Microsoft Office 365, Azure and third party applications

Benefits

  • Modern consistent and extensible platform not restricted by legacy technology
  • Ability to automate and run your organisation from the cloud
  • Helps organisations to increase the speed of their business processes
  • Facilitates discovery, analysis and data application to improve decision-making
  • Monitor progress against strategic investment projects and programmes
  • Harness the power of Microsoft Dynamics 365 for project delivery
  • Cortana and Power BI to build intelligence into processes
  • Surfaces Microsoft products for business processes, roles and jobs
  • Provides the fundamental elements for Digital Transformation
  • Integration across the Microsoft suite, reducing operating costs

Pricing

£59000 per instance

Service documents

Framework

G-Cloud 11

Service ID

6 9 2 1 4 7 5 7 1 5 4 4 1 9 7

Contact

Tisski Limited

Dan Coupland

07535900510

dan.coupland@tisski.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No
System requirements
  • Internet Explorer, Edge, Mozilla Firefox, Google Chrome or Apple Safari
  • Office Integration requires Office 365, 2016, 2013 or 2010

User support

Email or online ticketing support
Email or online ticketing
Support response times
Bronze Support: (09:00 – 17:00 Monday – Friday excluding UK public holidays & weekends) • P1: 2-hour response; 8-hour resolution • P2: 8-hour response; 16-hour resolution • P3: 24-hour response; 40-hour resolution • P4: 40-hour response; 80-hour resolution. Silver Support (08:30 – 17:30 Monday – Friday excluding UK public holidays & weekends) • P1: 1-hour response; 4-hour resolution • P2: 4-hour response; 8-hour resolution • P3: 8-hour response; 24-hour resolution • P4: 24-hour response; 40-hour resolution.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Bronze Support: (09:00 – 17:00 Monday – Friday excluding UK public holidays & weekends) • P1: 2-hours response; 8-hours resolution • P2: 8-hours response; 16-hours resolution • P3: 24-hours response; 40-hours resolution • P4: 40-hours response; 80-hours resolution. Silver Support (08:30 – 17:30 Monday – Friday excluding UK public holidays & weekends) • P1: 1-hour response; 4-hours resolution • P2: 4-hour response; 9-hours resolution • P3: 8-hours response; 27-hours resolution • P4: 27-hour response; 45-hours resolution. Gold • Bespoke packages available upon request. Tisski uses ITIL v3 framework for service operations, implementing a robust incident management process, covering the receipt, triage, assignment, investigation and resolution of incidents, as well as the identification and recording of known issues and fixes. A clear escalation process is in place, incorporating the Service Desk Manager, your nominated Account Manager/ Service Manager and Operations Director. KPIs are in place to monitor performance against SLAs as well as other key success factors for the support function. These KPIs include: • Customer incident rate • SLA success rate • First-time fix rate • Issues requiring escalation. Hours = working hours. Costs are dependent upon the application version, number of users and integration points/complexity of the technical solution.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We tailor on-boarding services based on client requirements, but these are typically aligned to ITIL v3 transition guidelines. This can be either tailored or provided using our standard, predefined service.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
We agree exit terms and processes at the time of contracting. The exact format turnaround and processes related to data extraction is determined at this point.
End-of-contract process
End of contract scenarios are agreed in advance and either tailored to client requirements or we can provide a standard, predefined solution, based on ITIL v3 processes and guidelines.

Additional costs are determined on a case by case basis, dependent on size and complexities of activities.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
There is parity of functionality and service between mobile and desktop, each tailored to the form factor in order to provide a responsive user interface.
Service interface
Yes
Description of service interface
Microsoft Unified Interface & Dynamics 365 Web Application
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Jaws has been used to test Dynamics 365 using the unified service desk.
Visit https://www.microsoft.com/en-us/accessibility/ for accessibility information.
API
Yes
What users can and can't do using the API
There are many extensibility points within our services allowing customisations including user interface, data storage, reporting, work flow, authentication authorisation, line of business integration, customise portals and integration with custom mobile applications.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
There are many extensibility points within our services allowing customisations including user interface, data storage, reporting, work flow, authentication authorisation, line of business integration, customise portals and integration with custom mobile applications.

Scaling

Independence of resources
We leverage Microsoft Online Services which in turn utilises various Cloud Scale techniques and technologies, to ensure multi-tenant services are not affected in terms of peak usage. More information on request.

Analytics

Service usage metrics
Yes
Metrics types
Many metrics are available including user logins, transactions, storage etc. Reported metrics are agreed on a contract by contract basis.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can extract data using various techniques including integration with Office clients and various integration technologies.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Excel
  • ODBC
  • ODATA
  • Original Document Format as uploaded
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel
  • SQL
  • Access
  • ODATA

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Monthly Service Level -
1. The Service Level is 99.9%.
2. The Monthly Uptime Percentage is calculated for a given calendar month using the following formula:

Monthly Uptime Percentage =
Total number of minutes
in a given calendar month minus Total number of minutes of Downtime in a given calendar month.

More information available on request.
Approach to resilience
Datacenters implement numerous techniques and technologies to achieve resilience including significant power, hardware, data and network redundancy. Detailed information is available upon request.
Outage reporting
Outages can be communicated by multiple methods including Dashboards, accessible via APIs, email alerts and via phone.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Our solutions implement role based access control, determined by the customer on a case by case basis.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
26/02/2018
What the ISO/IEC 27001 doesn’t cover
This certification was obtained by Microsoft for the Dynamics 365 service. Further details can be obtained here: https://www.microsoft.com/en-us/trustcenter/compliance/iso-iec-27001
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
29/09/2016
CSA STAR certification level
Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover
N/A
PCI certification
Yes
Who accredited the PCI DSS certification
Qualified Security Assessor (QSA)
PCI DSS accreditation date
07/03/2018
What the PCI DSS doesn’t cover
Azure complies with Payment Card Industry Data Security Standards Level 1 version 3.2
Other security certifications
Yes
Any other security certifications
ISO/IEC 27018:2014 Management system for the protection of PII

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We work to industry and specifically Microsoft standards for all security related standards. Our solutions leverage Microsoft Cloud Services which in term comply to ISO/IEC 27001 and CSA CCM v3.0
Information security policies and processes
We have an Information Security Policy which is available on request. We have rigorous induction and training methods which ensure policies are followed. Reporting Structure is also available on request.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
We strictly align our configuration and change management processes, including component life cycle tracking and security impact assessments, according to the ITIL v3 Framework Guidelines.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Potential threats are monitored through multiple sources, including external repositories and vendor feeds proactively according to internally defined processes. Assessment of patches, hot fixes updates and associated deployment guidelines are dictated by severity, client requirements and/ or vendor recommendations.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We use various tools, technologies and techniques in order to identify potential compromises and respond on a case by case basis, based on the nature, complexity and severity. We offer various levels of response times, depending on Service Level Agreements. Further information is available upon request.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incident reporting frequency and format is agreed with the customer on a case by case basis. Users can report incidents via multiple channels including telephony, dashboards and email. We have predefined processes for common events and leverage the guidelines defined by the ITIL v3 Framework.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£59000 per instance
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑