Upland Software

PowerSteering Software

PowerSteering offers best of breed Portfolio Management Software and best practices to manage Investment Programs, CapEx, M&A programmes, IT/Enterprise PMOs, New Product Development, and Operational Excellence programmes. As a complete solution, we provide comprehensive customer implementation, training, ongoing support, upgrades, maintenance, integration and consulting services.

Features

  • Business & IT Project Programme/Portfolio Management (PMO)
  • New Product Development
  • Continuous Improvement
  • Six Sigma & Lean Six Sigma
  • Strategy Deployment
  • Application Portfolio Management
  • Idea & Demand Management
  • SSO & Dell Boomi Integration
  • Mergers & Acquisition Project Management
  • Project & Portfolio Financial Tracking/Management

Benefits

  • Increase Project Value
  • Decrease Project Cycle Time
  • Automate reporting cycle, decreasing report preparation time
  • Align project/work to strategic objectives
  • Tracking & Visbility of KPIs/Measures that drive strategic objectives
  • Monitor and capture project financials (budget/actual/benefits)
  • Gate enforcement of end-to-end project governance
  • Advanced Workflow Management capabilities

Pricing

£4 per person per month

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

7 3 6 0 1 9 1 6 4 8 7 0 4 2 2

Contact

Upland Software

Dominic Aelberry

+44 (0) 800-048-8575

daelberry@uplandsoftware.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints N/A
System requirements
  • Internet Browser
  • Broadband Internet connectivity

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Priority 1 queries: 1 hour
Priority 2 queries: 4 hours
Priority 3 queries: 24 hours
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Standard, Gold, and Platinum support.
Gold = 20% ARR, Platinum = 30% ARR
Upland provides complete end to end support including a customer success manager, 24x7 support, and the option for an assigned platinum experience manager.
Please see the Premium support brochure for full details.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Upland Software provides complete implementation, training, ongoing support, upgrades, maintenance, and consulting services. There is a range of local and remote post-implementation support and consulting services available to you.

Upland Professional Services will complete the implementation process so the customer is enabled and trained to support future configuration effort themselves. This is configuration of the tool’s inherent functionality through the GUI menus and options – and not customising source code. The initial implementation workshops will focus on the business architecture and analysis that must proceed any ‘configuration clicking’ in the user interface.

Training options

Upland Software offers a comprehensive range of training options tailored to fit each customer's specific needs and for each of our solutions offerings. Choose from instructor-led classes, simulations and train-the-trainer programmes — delivered in-person, remotely, or via computer-based training. Training will take place during the implementation for system admins and then formal sessions will be held for specific roles once the configuration is fully defined. Train the trainer is the preferred approach for end users – this ensures that you the customer is the ultimate owner of your tool.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Users are always able to extract data at any time. There are a number of ways to extract data, through API, CSV, templates and reports. On contract end Upland will provide a number of data options including a database copy.
End-of-contract process Data extract that requires no statement of work is included. Additional work will require a statement of work.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None (full, responsive HTML5 supported).
Service interface No
API Yes
What users can and can't do using the API PowerSteering supports integrations via the Dell Boomi IPaaS platform.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Client select power users to be trained as administrators. These administrators have access to an administrative panel within PowerSteering. All administration and configuration is achieved through the same browser interface that is used by end users. All screens, forms, reports, views are configured through the browser interface. No coding knowledge or skill is needed to perform configurations within PowerSteering.

Scaling

Scaling
Independence of resources PowerSteering is a standard 3-tier application with Web, Application and Database tiers. Each tier can be scaled horizontally and vertically. Customer data is segregated in individual database instances; however, we put multiple customers on each of our application and database servers. We are a multi-tenant system to capitalize on the economies of scale for resources and ongoing operational maintenance.

Additionally, PowerSteering utilizes Amazon Web Services (AWS) for hosting (Infrastructure-as-a-Service) to ensure the high-level application performance needs of our global customer base are fulfilled.

Analytics

Analytics
Service usage metrics Yes
Metrics types Uptime, full support ticket information, development information.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach Data at rest encryption.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Many areas of PowerSteering that provide summations of data (e.g., Visual Portals, Dashboards, drill-through reports) can be exported in a variety of common formats (e.g., PDF, Word, HTML, Excel, etc.). PowerSteering has the ability to generate a full data export in any format preferred (e.g. Excel) delivered on a pre-defined schedule. This can be delivered any day or timeframe as needed. Other options are available.
Data export formats
  • CSV
  • Other
Other data export formats
  • Word
  • XLS
  • PDF
  • HTML
  • PowerPoint
  • XML
Data import formats
  • CSV
  • Other
Other data import formats
  • XLS
  • XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Software Availability;
The periods of time that the Application is Available for use by the Customer not including scheduled downtime. “Availability” or “Available” means that an Authorized User can log in and access the Application.

Available in all material respects 99.5% average over a month (calculated on a 24 x 7 x 365 basis, other than Scheduled Downtime and other than any period of downtime that lasts 5 continuous minutes or less).
Approach to resilience Available on request
Outage reporting Customer Portal. E-mail.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels PowerSteering will create either an encrypted LDAP connection to SAML 2.0 compliant identity federation solution (e.g., Active Directory), or will create a dedicated VPN connection between PowerSteering and the customer. Once we have a connection, PowerSteering will send an on-demand request with the required authenticating information from our application server. If the end users credentials are valid, they will then be granted access. If the credentials are not valid we deny access. This request is in real time, therefore if an employee is disabled at 11:30, at 11:31 if they attempt access, they will be denied.
Access restriction testing frequency At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • SSAE 16 SOC 2 Type II / ISAE 3402
  • Privacy Shield

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Upland Software’s product lines are accredited or follow best practices as defined by various bodies in relation to their standards and procedures. These include, but are not limited to:
++ SSAE-16 / ISAE 3402
++ SOC 2
++ Privacy Shield
Information security policies and processes Upland’s security framework is based on the ISO 27001 framework. On an annual basis, Upland PowerSteering is SSAE16 SOC1 Type II / ISAE 3402 audited, and as of 2016, SOC 2 audited as well. Upland has a VP of Security and Compliance who has remit and resources to ensure all information security policies are maintained.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach PowerSteering has a formal change and patch management process for dissemination into production environments. The process involves the development of features/enhancements, unit testing, building and hardening, and then full regression testing in a QA environment prior to production deployment. Controls are in place to ensure that our production environment is only accessible by certain key employees as part of the production roll-out process or for troubleshooting. We schedule change and patch deployments to occur off business hours/days and include checks on build procedures and validations to ensure successful deployments.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Upland participates in the following security forums and professional associations: SANS, insecure.org, w3.org, cert.org, and securityfocus.com. Additionally, alerts are sent to us from Microsoft and Adobe security departments, and we receive alerts from the 3rd party organization conducting our quarterly vulnerability scans and 24x7 monitoring services.

We receive alerts via Microsoft on software and OS updates/patches. We use Microsoft Server Update Service (WSUS) to deploy and manage security patch updates.
Patches are tested prior to installation. We make every attempt to install critical security patches as soon as possible while ensuring compatibility and testing requirements are met.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Upland’s Security Organization performs monitoring activities in order to continuously assess the quality of internal control over time. These activities are used to initiate corrective action through department meetings, client conference calls, and informal notifications. Management performs monitoring activities on a continuous basis, taking necessary actions as required to correct deviations from company policy and procedures.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Upland Software manages incidents by identifying and responding to them quickly, notifying key support and management personnel in a timely manner, restoring service as soon as possible, determining the cause of the incident, and taking appropriate steps to prevent future incidents. Our incident management process also allows us to quickly notify external organizations that may have been affected by an incident, including customers and partners. We employ internal and external
monitoring systems that periodically verify the state of each Upland cloud-based software product.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £4 per person per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Full software access for up to 1 month

Service documents

Return to top ↑