MPS Management Process Systems Limited

Contract Change Management (CCM)

Contract Change Management (CCM). Cloud Service manages all processes in the commercial contract management of construction projects. Efficiently and effectively administers the NEC, JCT, FIDIC and other contract forms. Released in 2000 to support the NEC. CCM can be configured for other contract forms, business dashboards and reporting requirements.

Features

  • Real Time access any time (7 x 24) from anywhere
  • World class access control permissions
  • Contract live data secured in one location for access
  • Access security based on business roles
  • Workflow management of contract business processes
  • Post contract option of electronic access to data
  • No additional software simplex device and browser access
  • Duplicated service delivery with no single point of failure

Benefits

  • Real time audit trail time and date stamped
  • Senior management dashboard of contract performance
  • Portfolio management of unlimited contracts with dashboard status
  • Collaborative team working supported through workflow
  • Contract process compliance through manadatory workflow
  • Intuitive user interface for minimal training and quick start
  • Risk management prompts through early status warnings
  • Best practice support enables a focus on productivity improvement
  • High visibility of contract status reduces contract dispute risks

Pricing

£636 per licence per year

  • Education pricing available

Service documents

Framework

G-Cloud 11

Service ID

8 3 3 0 8 5 7 0 5 3 4 1 0 9 2

Contact

MPS Management Process Systems Limited

Des Downey

01223597933

mikepalman@mpsprocess.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No constraints it is a cloud service with desktop and mobile browser access. Browser configuration must be manufacturer currently in support versions.
Planned maintenance periods do not normally impact service availability due to duplicated configurations. If so there is a pre announcement.
System requirements
  • Desktop and mobile device access via in support browsers.
  • User access via registered user role name and password

User support

Email or online ticketing support
Email or online ticketing
Support response times
Severity 1: Severe business impact: Incident leading to loss of a business-critical application/service. Immediate.
Severity 2: High business impact through loss or degradation: Incident leading to loss or degradation of functionality, such as loss of a significant feature within an application. An example is high CPU processor utilisation. Immediate.
Severity 3: Some functionality is lost or degraded: An incident leading to loss or degradation of specific system functionality. An example is single user issue. 1 hour.
Severity 4: No business impact: A functional query or fault, change request. 1 day.

Supported hours week day 09:00 - 17:00. Weekends chargeable arrangement.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Severity 1: Severe business impact: Incident leading to loss of a business-critical application/service. Immediate.
Severity 2: High business impact through loss or degradation: Incident leading to loss or degradation of functionality, such as loss of a significant feature within an application. An example is high CPU processor utilisation. Immediate.
Severity 3: Some functionality is lost or degraded: An incident leading to loss or degradation of specific system functionality. An example is single user issue. 1 hour.
Severity 4: No business impact: A functional query or fault, change request. 1 day.

Supported hours week day 09:00 - 17:00. Weekends chargeable arrangement.
Week day support to named users is included in the service charge.

There is a technical service account manager.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Onsite training to end users at customer premises typically in groups of eight.
Online training through web conferencing typically to two users.

The service includes key user documentation.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Data stored in Software as a Service (SaaS) databases may not be readily available to the owners of that data. Long term access to it may be needed even though the Software Service might no longer be available.

The Data Access and Storage (DAS) optional service provides long term access to information in a CCM database. The information in the database which includes all documents, approved attachments and the internal audit trail is published electronically in ADOBE PDF format. Internal hyper links are retained. This enables a business enterprise or other interested parties to access information post a CCM contract completion. The ADOBE PDF format is read only and is navigable by internal links, index or search functions.

The electronic Adobe Pdf record may then be stored in a customers archive service.
End-of-contract process
The service delivery cost of CCM is usually calculated on a fee basis - a % of the supported commercial construction contract value and for the duration of the construction contract. Extensions to the contract duration are negotiable.

There are additional charges for training and service configuration. Typically one time charges at startup.

At the end of the contract customer service access is removed unless an extension has been negotiated.

There is an option to take a copy of the CCM data using the Data Access and Storage service (DAS).

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Read only access is an option. There is a trial update access function which has not been generally released.
Service interface
No
API
Yes
What users can and can't do using the API
SOAP ( Simple Object Access Protocol) is a message protocol that allows distributed elements of an application to communicate.

This is a supplier negotiated and managed configuration function with a customer specific requirement.
API documentation
No
API sandbox or test environment
No
Customisation available
No

Scaling

Independence of resources
Delivery service configurations have typically a maximum measured threshold of 70% capacity resource demand. Metrics are reviewed on a weekly basis and incremented as resource demand peaks or grows.

There is a service delivery function called load balancing which can be implemented if resource demands become volatile.

Analytics

Service usage metrics
Yes
Metrics types
End user process metrics are provided within the service. Additionally end user service usage metrics may be configured to meet specific user agreed requirements.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
Never
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach
CCM service is delivered from IBM Cloud Data Centres. In the era of ever-present attacks and breaches, IBM Cloud Security’s scalable suite of technologies and solutions are made more robust and complete through pervasive encryption, AI + automation and integration. IBM provide a full stack of IBM Cloud security services, but also to an IBM security team supporting more than 12,000 customers in 133 countries.
Every IBM Cloud service is designed, developed and managed according to IBM’s own strict security policies and implementation guidelines, and provided under the binding commitments of the IBM Data Security and Privacy Principles.
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
CCM has the capability to export any data set in MS Excel spreadsheet format. A standard set are provided but these can easily be customised.
Exports are run overnight, between 03:00am and 07:00am. In addition users can refresh a report manually at any time.

All CCM communications have a number of optional additional fields. These can be text, number, date or selection list. They can be enabled to help gather additional reporting information. Assistance can be provided to users who have a need to aggregate data from different sources into
their contract reports.
Data export formats
Other
Other data export formats
Other format is Microsoft Excel
Data import formats
Other
Other data import formats
Commercial construction contract data baseline time and cost information.

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99% based on a single server delivered service. However there is no single point of failure in the server and it is complemented by a real time alternative server and service. Thus making the service available 100%.
Refunds on service non availability are subject to specific customer contract negotiations.
Approach to resilience
Management Process Systems Limited has a Cloud Services infrastructure environment for its Contract Change Management Service (CCM) located in IBM Data Centres.
Server delivery servers are configured with no single point of failure.
Two instances of the service delivery server are maintained in an IBM Domino cluster. Each instance is located in a separate geographically located Data Centre. Any changes made on one are replicated
almost instantaneously to the other. One is used to host end users, the second is kept as the hot standby.
The servers are fronted by duplicated web servers. If the live web server fails traffic is automatically routed by the web server to the standby server. This assures the very high level of availability.
Outage reporting
Email alerts to customer designated contact points.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Access permissions are given to specific persons on a role and supplier relationship basis.

Supplier contracts are mandatorily reviewed annual or more frequently on a change request basis.

Management interfaces are reviewed on a change request basis by the company board.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
IBM Data Centres provide the CCM delivery service. The Data Centres comply with SOC 2 and SOC 3 compliance requirements.

The CCM service is built using IBM Domino middleware software. Every user ID and server ID has a unique public key. The public key to authenticate users and servers, verify digital signatures, and encrypt messages and databases.
Information security policies and processes
IBM Data Centres provide the CCM delivery service. The Data Centres comply with SOC 2 and SOC 3 compliance requirements.
IBM audit and provide periodic reports on SOC 2 and SOC 3 compliance.

The CCM service is built using IBM Domino middleware software. Every user ID and server ID has a unique public key. The public key to authenticate users and servers, verify digital signatures, and encrypt messages and databases.
CCM services are provided on the basis of customer contracts, named contact points for subsequent authorisation of end users, their roles and security permissions. The authorisation communications are approved and recorded electronically.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
A formal bi weekly meeting manages all configuration and change requests. They are documented and fed into performance management metrics.

The requests include new customer setup and close down requirements, technology updates and new implementations.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Data Centre Cloud services are provided by IBM. Periodic Nessus reports identify security risks and threats. They are acted upon depending on the risk categorisation.
IBM provide alerts on potential vulnerabilities identified by their inhouse security and apply corrective actions.

Microsoft provide periodic reports on security risks and threats. Updates are released monthly or more frequently if risks are high. Updates are applied to all delivery services at least monthly or quicker if risks are high.

Symantec provide anti virus protection and periodic reports on risks. Updates are applied on a 24 hour basis or quicker if risks are high.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
IBM Data Centres monitor security incidents and risks and provide notice of them and of the corrective actions either taken or planned. This is a real time service.

Microsoft monitor security incidents and risks and provide notice of them and of the corrective actions required. This is either a real time service or through period scheduled updates

Symantec monitor security incidents and risks and provide notice of them and of the corrective actions either taken or planned. This is a real time service.
Incident management type
Supplier-defined controls
Incident management approach
Infrastructure Real Time Library (ITIL) framework and processes are in use.
Incident and Change requests are recorded and managed through a Customer Relationship Management Service (CRM). Performance reports are reviewed weekly and bi weekly. The CRM service includes an escalation function in order to manage delays in resolution.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£636 per licence per year
Discount for educational organisations
Yes
Free trial available
No

Service documents

Return to top ↑