MPS Management Process Systems Limited

Contract Change Management (CCM)

Contract Change Management (CCM). Cloud Service manages all processes in the commercial contract management of construction projects. Efficiently and effectively administers the NEC, JCT, FIDIC and other contract forms. Released in 2000 to support the NEC. CCM can be configured for other contract forms, business dashboards and reporting requirements.

Features

  • Real Time access any time (7 x 24) from anywhere
  • World class access control permissions
  • Contract live data secured in one location for access
  • Access security based on business roles
  • Workflow management of contract business processes
  • Post contract option of electronic access to data
  • No additional software simplex device and browser access
  • Duplicated service delivery with no single point of failure

Benefits

  • Real time audit trail time and date stamped
  • Senior management dashboard of contract performance
  • Portfolio management of unlimited contracts with dashboard status
  • Collaborative team working supported through workflow
  • Contract process compliance through manadatory workflow
  • Intuitive user interface for minimal training and quick start
  • Risk management prompts through early status warnings
  • Best practice support enables a focus on productivity improvement
  • High visibility of contract status reduces contract dispute risks

Pricing

£636 per licence per year

  • Education pricing available

Service documents

G-Cloud 11

833085705341092

MPS Management Process Systems Limited

Des Downey

01223597933

desdowney@mpsprocess.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No constraints it is a cloud service with desktop and mobile browser access. Browser configuration must be manufacturer currently in support versions.
Planned maintenance periods do not normally impact service availability due to duplicated configurations. If so there is a pre announcement.
System requirements
  • Desktop and mobile device access via in support browsers.
  • User access via registered user role name and password

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Severity 1: Severe business impact: Incident leading to loss of a business-critical application/service. Immediate.
Severity 2: High business impact through loss or degradation: Incident leading to loss or degradation of functionality, such as loss of a significant feature within an application. An example is high CPU processor utilisation. Immediate.
Severity 3: Some functionality is lost or degraded: An incident leading to loss or degradation of specific system functionality. An example is single user issue. 1 hour.
Severity 4: No business impact: A functional query or fault, change request. 1 day.

Supported hours week day 09:00 - 17:00. Weekends chargeable arrangement.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Severity 1: Severe business impact: Incident leading to loss of a business-critical application/service. Immediate.
Severity 2: High business impact through loss or degradation: Incident leading to loss or degradation of functionality, such as loss of a significant feature within an application. An example is high CPU processor utilisation. Immediate.
Severity 3: Some functionality is lost or degraded: An incident leading to loss or degradation of specific system functionality. An example is single user issue. 1 hour.
Severity 4: No business impact: A functional query or fault, change request. 1 day.

Supported hours week day 09:00 - 17:00. Weekends chargeable arrangement.
Week day support to named users is included in the service charge.

There is a technical service account manager.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Onsite training to end users at customer premises typically in groups of eight.
Online training through web conferencing typically to two users.

The service includes key user documentation.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Data stored in Software as a Service (SaaS) databases may not be readily available to the owners of that data. Long term access to it may be needed even though the Software Service might no longer be available.

The Data Access and Storage (DAS) optional service provides long term access to information in a CCM database. The information in the database which includes all documents, approved attachments and the internal audit trail is published electronically in ADOBE PDF format. Internal hyper links are retained. This enables a business enterprise or other interested parties to access information post a CCM contract completion. The ADOBE PDF format is read only and is navigable by internal links, index or search functions.

The electronic Adobe Pdf record may then be stored in a customers archive service.
End-of-contract process The service delivery cost of CCM is usually calculated on a fee basis - a % of the supported commercial construction contract value and for the duration of the construction contract. Extensions to the contract duration are negotiable.

There are additional charges for training and service configuration. Typically one time charges at startup.

At the end of the contract customer service access is removed unless an extension has been negotiated.

There is an option to take a copy of the CCM data using the Data Access and Storage service (DAS).

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Read only access is an option. There is a trial update access function which has not been generally released.
Service interface No
API Yes
What users can and can't do using the API SOAP ( Simple Object Access Protocol) is a message protocol that allows distributed elements of an application to communicate.

This is a supplier negotiated and managed configuration function with a customer specific requirement.
API documentation No
API sandbox or test environment No
Customisation available No

Scaling

Scaling
Independence of resources Delivery service configurations have typically a maximum measured threshold of 70% capacity resource demand. Metrics are reviewed on a weekly basis and incremented as resource demand peaks or grows.

There is a service delivery function called load balancing which can be implemented if resource demands become volatile.

Analytics

Analytics
Service usage metrics Yes
Metrics types End user process metrics are provided within the service. Additionally end user service usage metrics may be configured to meet specific user agreed requirements.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency Never
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach CCM service is delivered from IBM Cloud Data Centres. In the era of ever-present attacks and breaches, IBM Cloud Security’s scalable suite of technologies and solutions are made more robust and complete through pervasive encryption, AI + automation and integration. IBM provide a full stack of IBM Cloud security services, but also to an IBM security team supporting more than 12,000 customers in 133 countries.
Every IBM Cloud service is designed, developed and managed according to IBM’s own strict security policies and implementation guidelines, and provided under the binding commitments of the IBM Data Security and Privacy Principles.
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach CCM has the capability to export any data set in MS Excel spreadsheet format. A standard set are provided but these can easily be customised.
Exports are run overnight, between 03:00am and 07:00am. In addition users can refresh a report manually at any time.

All CCM communications have a number of optional additional fields. These can be text, number, date or selection list. They can be enabled to help gather additional reporting information. Assistance can be provided to users who have a need to aggregate data from different sources into
their contract reports.
Data export formats Other
Other data export formats Other format is Microsoft Excel
Data import formats Other
Other data import formats Commercial construction contract data baseline time and cost information.

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99% based on a single server delivered service. However there is no single point of failure in the server and it is complemented by a real time alternative server and service. Thus making the service available 100%.
Refunds on service non availability are subject to specific customer contract negotiations.
Approach to resilience Management Process Systems Limited has a Cloud Services infrastructure environment for its Contract Change Management Service (CCM) located in IBM Data Centres.
Server delivery servers are configured with no single point of failure.
Two instances of the service delivery server are maintained in an IBM Domino cluster. Each instance is located in a separate geographically located Data Centre. Any changes made on one are replicated
almost instantaneously to the other. One is used to host end users, the second is kept as the hot standby.
The servers are fronted by duplicated web servers. If the live web server fails traffic is automatically routed by the web server to the standby server. This assures the very high level of availability.
Outage reporting Email alerts to customer designated contact points.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access permissions are given to specific persons on a role and supplier relationship basis.

Supplier contracts are mandatorily reviewed annual or more frequently on a change request basis.

Management interfaces are reviewed on a change request basis by the company board.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach IBM Data Centres provide the CCM delivery service. The Data Centres comply with SOC 2 and SOC 3 compliance requirements.

The CCM service is built using IBM Domino middleware software. Every user ID and server ID has a unique public key. The public key to authenticate users and servers, verify digital signatures, and encrypt messages and databases.
Information security policies and processes IBM Data Centres provide the CCM delivery service. The Data Centres comply with SOC 2 and SOC 3 compliance requirements.
IBM audit and provide periodic reports on SOC 2 and SOC 3 compliance.

The CCM service is built using IBM Domino middleware software. Every user ID and server ID has a unique public key. The public key to authenticate users and servers, verify digital signatures, and encrypt messages and databases.
CCM services are provided on the basis of customer contracts, named contact points for subsequent authorisation of end users, their roles and security permissions. The authorisation communications are approved and recorded electronically.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach A formal bi weekly meeting manages all configuration and change requests. They are documented and fed into performance management metrics.

The requests include new customer setup and close down requirements, technology updates and new implementations.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Data Centre Cloud services are provided by IBM. Periodic Nessus reports identify security risks and threats. They are acted upon depending on the risk categorisation.
IBM provide alerts on potential vulnerabilities identified by their inhouse security and apply corrective actions.

Microsoft provide periodic reports on security risks and threats. Updates are released monthly or more frequently if risks are high. Updates are applied to all delivery services at least monthly or quicker if risks are high.

Symantec provide anti virus protection and periodic reports on risks. Updates are applied on a 24 hour basis or quicker if risks are high.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach IBM Data Centres monitor security incidents and risks and provide notice of them and of the corrective actions either taken or planned. This is a real time service.

Microsoft monitor security incidents and risks and provide notice of them and of the corrective actions required. This is either a real time service or through period scheduled updates

Symantec monitor security incidents and risks and provide notice of them and of the corrective actions either taken or planned. This is a real time service.
Incident management type Supplier-defined controls
Incident management approach Infrastructure Real Time Library (ITIL) framework and processes are in use.
Incident and Change requests are recorded and managed through a Customer Relationship Management Service (CRM). Performance reports are reviewed weekly and bi weekly. The CRM service includes an escalation function in order to manage delays in resolution.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £636 per licence per year
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑