Pcubed / Microsoft Project Online 'PPM Accelerator', the lowest investment cost for better P3M
PPMA is Pcubed’s rapid deployment solution designed to get your organisation up and running with an end-to-end PPM / EPM platform within a short time frame at a low initial investment. It’s a fast track, fixed price, preconfigured solution using Microsoft Project Online with defined deliverables and low deployment risk.
Features
- Preconfigured Microsoft Project Online environment based on Pcubed's best practice
- Envisioning workshop to determine gap analysis
- Onsite configuration and adjustments to align with client terminology
- Training for administrators and core resources
- Post deployment support including a review Workshop
- Eight automated reports and client specific report enhancements
- All of the benefits of an online Microsoft deployment
- Securely hosted datacentres with Security cleared, permanent employees
- Compatible with several methodologies such as MSP, Waterfall and Agile
Benefits
- Rapid mobilisation
- Consistent project management data and processes
- Stay on track, on budget and in scope
- Improved quality, timeliness and cost effectiveness
- Enterprise-wide governance with standard gateway management
- Project templates driving consistent planning standards and tracking
- Built-in capabilities including project dashboards, planning, risk, and issue tracking
- Microsoft Gold Partner with ISO 27001 certification
- Keeps investment risk at a manageable level
- Ensures the most expensive asset (resources) is optimally utilised
Pricing
£20,000 an instance
Service documents
Request an accessible format
Framework
G-Cloud 11
Service ID
7 6 6 4 2 9 8 1 8 2 9 1 6 3 6
Contact
Program Planning Professionals Ltd (t/a MI-GSO | PCUBED)
Mark Sorrell
Telephone: 020 7462 0100
Email: uk.info@pcubed.com
Service scope
- Software add-on or extension
- Yes
- What software services is the service an extension to
- Microsoft Project Online
- Cloud deployment model
- Public cloud
- Service constraints
- There are no other foreseeable constraints to the Services (e.g. maintenance windows, level of customisation permitted, schedule for deprecation of functionality/features etc.)
- System requirements
-
- Microsoft Internet Explorer Version 10 or later, Firefox, Chrome, Safari
- The consumer must have the ability to access internet
- Log in accounts (licences)
User support
- Email or online ticketing support
- Yes, at extra cost
- Support response times
-
Service-desk runs during UK office hours 9-5pm Mon-Fri.
Classification:
Severity 1; Urgent - A full system outage (Support Manager)
Severity 2; High - A major element of the solution is not working at all(Support Manager)
Severity 3; Normal - A single or small element of the solution is not working and affecting a number of users (Support/Delivery team)
Severity 4; Low - problem which is affecting limited numbers of users (Support/Delivery team)
Response times:
Severity 1: 1 hour-respond, 8 hours-resolve;
Severity 2: 4 hours-respond, 2 days-resolve;
Severity 3: 1 day-respond, 5 days-resolve;
Severity 4: 2 days-respond, 10 days-resolve. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Support levels include Email, Phone, Service desk and Onsite assistance.
Each support request will receive a severity level which is tied to a service level metric. Service-level metrics specify the maximum amount of time to elapse before a customer, after opening an incident, is contacted by a support representative. Initial response goals will be the same for all support package levels but will vary by severity. Initial technical response time is determined by the severity, as follows:
Severity 1; Urgent - A full system outage , none of the system is working and this is affecting all users.
Severity 2; High - A major element of either the Microsoft PPM / EPM or Pcubed solution is not working at all and affecting all / nearly all users or the production of business critical reports.
Severity 3; Normal - A single or small element of the Microsoft PPM / EPM or Pcubed solution is not working and affecting a number of users or multiple teams.
Severity 4; Low -There is a problem which is affecting limited numbers of users or a less frequent part of the solution or regular reports. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Envisioning workshops, training , change management, providing a dedicated delivery team and support where necessary
- Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- Other
- Other documentation formats
-
- MS Word
- MS PowerPoint
- End-of-contract data extraction
- OData - extracting PO data to an excel spreadsheet and saving project plans in Microsoft Project
- End-of-contract process
-
Microsoft and Pcubed are certified in ISO 27001, this enables Pcubed to comply with high standards of all our customer’s data security and integrity. Upon exit, all customer information will be securely destroyed and confirmation will be provided.
Also, Microsoft implements destruction and confirmation of destruction of all data upon exit of contract.
If you terminate a cloud subscription or it expires (except for free trials), Microsoft will store your customer data in a limited-function account for 90 days (the retention period) to give you time to extract the data or renew your subscription. During this period, Microsoft provides multiple notices, so you will be amply forewarned of the upcoming deletion of data.
After this 90-day retention period, Microsoft will disable the account and delete the customer data, including any cached or backup copies. For in-scope services, that deletion will occur within 90 days after the end of the retention period. (In-scope services are defined in the Data Processing Terms section of Microsoft Online Services Terms).
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- There are screen user interface differences, however, there are no limited functionality features
- Service interface
- No
- API
- Yes
- What users can and can't do using the API
-
Microsoft Project Online has an Open API that allows integration with other systems (uni and bi-directional).
The API access of the following types is available: REST, SOAP. For further information, please see: https://msdn.microsoft.com/en-us/library/azure/ee460799.aspx - API documentation
- Yes
- API documentation formats
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- The solution allows reports, letters and other communications to be customised with logos, fonts, branding and colours. Advanced customisation using pages, events, web pats and configuration can be provided to meet further requirements (e.g. add extra fields, access to API to build your own interfaces, etc.).
Scaling
- Independence of resources
-
Availability reports are available via the Admin Portal of Office 365, for the overall platform and by service.
There is a separation in services between consumers; users are not affected by the demand of other users.
By using Office 365 API, further monitoring is possible. The service is based on Microsoft architecture which is fully scalable.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Please see the Business admins section found here https://support.office.com/en-gb/article/Activity-Reports-in-the-Office-365-admin-center-0d6dfb17-8582-4172-a9a9-aed798150263
- Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- EU-US Privacy Shield agreement locations
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Other
- Other data at rest protection approach
- For data at rest, the service deploys BitLocker with AES 256-bit encryption on servers that hold all messaging data, including email and IM conversations, as well as content stored in SharePoint Online and OneDrive for Business. BitLocker volume encryption addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers and disks. Your organization’s files are distributed across multiple Azure Storage containers, each with separate credentials, rather than storing them in a single database.
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Users can use OData to extract or import their data. Out of the box SharePoint allows export of all information to Excel. Pcubed could also develop specific reports relating to more detailed information and saving project plans in Microsoft Project
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- XLS
- MPP
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Legacy SSL and TLS (under version 1.2)
- Other
- Other protection between networks
- For data in transit, all customer-facing servers negotiate a secure session by using TLS/SSL with client machines to secure the customer data. This applies to protocols on any device used by clients, such as Skype for Business Online, Outlook, and Outlook on the web. See also http://aka.ms/Office365CE
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Other
- Other protection within supplier network
-
Microsoft supports versions 1.0, 1.1, and 1.2 of the Transport Layer Security (TLS) protocol. This protocol is an industry standard designed to protect the privacy of information communicated over the Internet. TLS assumes that a connection-oriented transport, typically TCP, is in use. The TLS protocol allows client/server applications to detect the following security risks:
• Message tampering
• Message interception
• Message forgery
For further information, please refer to: https://msdn.microsoft.com/en-us/library/windows/desktop/aa380516(v=vs.85).aspx
Availability and resilience
- Guaranteed availability
-
Microsoft provides a contractually backed SLA to a minimum of 99.9%
Backup, disaster recovery and resilience plan in place - Approach to resilience
-
Office 365 services have been designed around five specific resiliency principles:
There is critical and non-critical data. Non-critical data can be dropped in rare failure scenarios. Critical data should be protected at extreme cost. As a design goal, delivered mail messages are always critical, and things like whether or not a message has been read is noncritical.
- Copies of customer data must be separated into different fault zones or as many fault domains as possible (e.g., datacentres, accessible by single credentials (process, server, or operator)) to provide failure isolation.
- Critical customer data must be monitored for failing any part of Atomicity, Consistency, Isolation, Durability (ACID).
- Customer data must be protected from corruption. It must be actively scanned or monitored, repairable, and recoverable.
- Most data loss results from customer actions, so allow customers to recover on their own using a GUI that enables them to restore accidentally deleted items.
- Backup, disaster recovery and resilience plan in place
Further info: http://aka.ms/Office365DR - Outage reporting
- Office 365 reports outages via the service status portal https://portal.office.com/servicestatus/servicestatus.aspx, Alert or Mobile Application
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Other
- Other user authentication
-
User access to interfaces is made possible with a user account: O365 account
Without having the O365 account, users cannot gain access to the service.
Access to the service is limited to authenticated and authorised users.
Usernames and password control remain under the buyers control. - Access restrictions in management interfaces and support channels
-
Access can be restricted based on the role of the user (administrator, team member with edit right, or only viewer).
In addition, if the user does not have a O365 licence, they are restricted from the service. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- No audit information available
- Access to supplier activity audit information
- No audit information available
- How long system logs are stored for
- Less than 1 month
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 18/05/2015
- What the ISO/IEC 27001 doesn’t cover
- Control: The organisation shall supervise and monitor the activity of outsourced system development.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 29/04/2016
- CSA STAR certification level
- Level 1: CSA STAR Self-Assessment
- What the CSA STAR doesn’t cover
- None
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
-
- Cyber Essentials Plus
- EU Model Clauses
- EU-US Privacy Shield
- ISO 27001, ISO 27018
- SOC 1, SOC 2
- FIPS 140-2
- HIPAA/HITECH
- CCSL (IRAP)
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
FISMA/FedRamp,
EU Model Clauses,
HIPAA/HITECH,
ISB 1596,
ISO 27018,
SASE16 SOC1 & SOC 2
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402.
The service has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1/SOC 2, NIST 800-53, and others.
Microsoft also uses Operational Security Assurance (OSA), a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft. OSA combines this knowledge with experience of running hundreds of thousands of servers in datacentres around the world. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Configuration, change management, incident response and protective monitoring are all demonstrated in Microsoft’s compliance with the ISO-27001 information security standard.
In addition to Microsoft’s ISO-27001 compliance, and their use of independent 3rd party penetration tests, they operate an assumed breach model and use active red-team penetration testing and vulnerability management as part of their Operational Security Assurance (OSA). - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Configuration, change management, incident response and protective monitoring are all demonstrated in Microsoft’s compliance with the ISO-27001 information security standard.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Configuration, incident response and protective monitoring are all demonstrated in Microsoft’s compliance with the ISO-27001 information security standard.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- Public Services Network (PSN)
- Police National Network (PNN)
- NHS Network (N3)
- Joint Academic Network (JANET)
- Scottish Wide Area Network (SWAN)
- Health and Social Care Network (HSCN)
Pricing
- Price
- £20,000 an instance
- Discount for educational organisations
- No
- Free trial available
- No