Rembrace

Project Activity Manager (PAM)

PAM is a Workplan and Savings Tracking Service for managing and reporting on your Cost Improvement Programme (CIP). PAM supports project management against defined milestones with planned, forecast and actual savings based on real-time spend. Workflow seamlessly connects multiple teams to generate project pipelines and provide full visibility and accountability.

Features

  • CIP Savings Tracker
  • Project Management
  • Real time Reporting
  • Management Reports
  • Data Analysis
  • Real-time data collection
  • Workflow
  • Document Storage
  • Governance
  • Multi user access

Benefits

  • Increase CIP Delivery
  • Report cost savings at the cost centre code level
  • Single communication channel between multiple teams
  • Reduce time/cost of collating, validating and reporting data
  • Automatically track actual savings in real time
  • Identify slippage or areas of risk in order to mitigate
  • Provide governance and assurance
  • Real-time interactive management dashboards

Pricing

£500 to £3500 per licence per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11

724308507362976

Rembrace

Ashley Waterman

00443302230552

support@rembrace.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Real-time Actual Savings Tracking requires an interface with Purchasing (PO) or Finance (AP) data.
System requirements
  • Microsoft Windows environment
  • Network to allow access to Microsoft Azure (Cloud Service)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support dependent on Severity Level as set out in SLA. Urgent queries responded to within 24 hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Level 1: 8 hours of developer time for Development, Configuration and Application Support; Includes Hot Fixes and access to all Version Upgrades. Level 2: 16 hours of developer time for Development, Configuration and Application Support; Includes Hot Fixes and access to all Version Upgrades. Level 3: 24 hours of developer time for Development, Configuration and Application Support; Includes Hot Fixes and access to all Version Upgrades.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We have a standard implementation plan which is used as the basis for all of our implementations. This can be amended according to customer requirements. Initial system training is provided onsite as part of the system implementation process. Additional training is available either remotely or onsite as required. The system also includes detailed user documentation which describes the steps required for setting up and managing projects.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction All data is exported in an agreed CSV file format. The customer also has direct access to write SQL statements to export any data as required.
End-of-contract process The customer has the option to continue with the contracted service or to terminate the contract. If the contract is terminated, the customers data will be made available in the agreed format. The customer will no longer have access to the Cloud service via the application.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Chrome
Application to install Yes
Compatible operating systems Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Differences to basic layout and interface design but not to functionality
Service interface No
API No
Customisation available Yes
Description of customisation The service can be customised to include bespoke data items in order to meet specific customer requirements. This can be completed with support from the providers development team as part of the SaaS agreement.

Scaling

Scaling
Independence of resources Each organisation license includes a dedicated service which is isolated from other customers. Therefore increased demand from other organisations has no impact on service level. Database services are dynamically scalable to handle an increase in data or system usage.

Analytics

Analytics
Service usage metrics Yes
Metrics types User login statistics and data access requests to the SQL server database.
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Users have direct access to the database and can write SQL statements to export their data. Data can also be exported into MS Excel directly from the User Interface.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability In order to enable the client to do business effectively, the supplier guarantees that the service will be available for a certain percentage of time: Guaranteed Uptime 98% Uptime is measured using automated systems, over each calendar month. It is calculated to the nearest minute, based on the number of minutes in the given month (for instance, a 31-day month contains 44,640 minutes). If uptime for any item drops below the relevant threshold, a penalty will be applied in the form of a credit for the client. This means the following month’s fee payable by the client will be reduced on a sliding scale. The level of penalty will be calculated depending on the number of hours for which the service was unavailable, minus the downtime permitted by the SLA: Penalty per hour is 3% of total monthly fee
Approach to resilience All data is replicated a minimum of three times across multiple hardware racks to ensure durability and high availability. Data can also be backed up to a second geographic location. So even in the case of a complete regional outage or a regional disaster in which the primary location is not recoverable, the data is still durable.
Outage reporting Outages are reported via email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Access is controlled across applications using Microsoft built in security.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards CSA CCM version 3.0
Information security policies and processes Security policies and processes are documented with a named security officer. We follow a clean desk policy with all documentation stored in locked units. Information is classified according to an appropriate level of confidentiality, integrity and availability. Staff are trained to handle documentation according to the information classification. Policy breaches are to be reported and dealt with accordingly. Information policies are reviewed and updated on a regular basis.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All change requests are managed through a single system with a standardised change control form. All changes are assessed on their merit and whether they introduce any risk to the integrity or security of the system. Any changes must be approved by a Change Control Board. Changes are then managed through a process tracking log with a named accountable person.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We use Microsoft Azure's integrated vulnerability assessment. Each of our virtual machines on Azure, have this assessment solution installed. Once deployed, the Qualys agent will start reporting vulnerability data to the Qualys management platform, which in turn provides vulnerability and health monitoring data back to Security Center. Users can quickly identify vulnerable VMs from the Security Center dashboard. We use MS Azure Update Management for patch alerts to ensure patches are deployed immediately.
Protective monitoring type Supplier-defined controls
Protective monitoring approach From Azure Monitor we can now get at-a-glance reporting on the health and performance of all our cloud resources, from virtual machines to applications to individual lines of codes in the applications. Policies and processes are in place to appropriately manage and respond to incidents detected by Azure Monitor.
Incident management type Supplier-defined controls
Incident management approach All incidents are logged on a central database and all actions and findings are stored against the incident number. These are then emailed to the person/persons responsible for managing the incident. We follow the Incident Model: This includes a sequence of steps and responsibilities; Timescales for resolution; Escalation procedures; Evidence preservation; Reporting is done on a regular basis from the central database and provided at Management Meetings for review/learning.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £500 to £3500 per licence per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Service can be accessed and used with basic functionality for a period of 2 months. This does not include any bespoke configuration or interfaces which are required for tracking actual savings in real-time.

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑