Prosis Solutions Ltd

PROJECT in a box Live Edition

Enterprise, SaaS-based project management software for managing projects, programmes and portfolios (PM, PPM, PPPM software). Planning, resourcing, risk, issue & benefit management, reporting, dashboards, notifications and collaboration. Ideal for your Project Management Office (PMO). PRINCE2, Managing Successful Programmes (MSP), Praxis Framework, Agile, DSDM-Atern included; or use your own bespoke methodology.


  • PRINCE2, MSP, Agile, Praxis Framework and our generic methods
  • PPM software: ideal for your Project Management Office (PMO software)
  • Management tools, eg document management, approvals, assurance, collaboration and search
  • Project controls: plans, risks, issues, cost, benefits, resource management, notifications
  • Wide range of standard reports/dashboards which can be customized
  • Project, programme, portfolio and departmental analysis and reporting
  • Use our free planning tool or use MS Project
  • Sophisticated permissions management; unlimited number of projects and users
  • Full audit trail, QA audit and governance features
  • Web-based, with browser interface: ideal for Tablets and Smartphones


  • Quick set up off-the-shelf
  • Easy to adopt using the tools that users know well
  • Instant projects using the unique Method Template approach
  • Centralizing all your project documents in one place saves time/money
  • Generates confidence through powerful assurance and audit tools
  • Improves communication and collaboration with instant access to project information
  • Delighted stakeholders: information is available to sponsors and stakeholders
  • Flexible operation: use Browser App or Windows App
  • Fit for purpose: provides the tools used on typical projects
  • Cost effective: does not require consultancy support to set up


£3 to £18 per user per month

Service documents

G-Cloud 10


Prosis Solutions Ltd

Neil Hurford


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None
System requirements
  • Browser Requirements: Industry-standard browsers can be used.
  • Mobile devices: Android and IPhone devices are supported.
  • Microsoft Office (2007 or above) is required for file management
  • MS Windows Operating System(only required for Windows App)
  • Processor: Minimum – SingleCore 32bit; Recommended - MultiCore 64bit
  • Memory: Minimum: 1 Gb; Recommended – 2 Gb
  • Disk: Minimum - 20 Gb; Recommended – 40Gb
  • System Requirements are also provided in our Service Definition Document

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We provide a support service which operates the core hours of 8.30-17.30 UK working days, via email, phone and remote access. Our response is graded according to the nature of the issue raised. Details are provided in the Service Level Agreement included in the Terms & Conditions document.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide customer technical support via our UK-based support service. We respond in line with our standard Prioritisation Classification, namely Categories A, B, C & D.

Cat A: Definition – Service is unavailable to users; Response Timescale – 1 hour.
Cat B: Definition – A major piece of functionality is unavailable; Response Timescale – 3 hours.
Cat C: Definition – Minor functional problem with work around available; Response Timescale – 8 hours.
Cat D: Definition – Request for Improvement or advice, “how do I” type question; Response Timescale – 12 hours.

Response Timescale is the time taken for the Support team to contact you (quoted in working hours) to discuss your issue and to obtain background information, not the time taken to address the issue raised. Most agreed issues which require code changes will be scheduled into the next release; intermediate patch releases may be generated in some circumstances. In order to address an issue it may be that the customer is required to upgrade to the latest release.

The above describe our standard support levels which is included in the monthly charge.

For the larger implementations (eg unlimited license), we provide a named technical account manager.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide on-line and on-site training which are supported by an extensive range of training videos.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction We do this for them. We provide them with all their documentation in an industry-standard format in an Explorer-tree type structure.
End-of-contract process There is no additional cost for off-boarding. We provide the users with the complete set of their documentation in an industry-standard format.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile service provides all the functionality required for the day-to-day management of projects and portfolios. A small number of admin-related and customisation features are only available on the desk-top service.
Accessibility standards None or don’t know
Description of accessibility Our system is compatible with a number of Assistive Technologies, this is the case for both the Browser App and the Software App. In particular, our tools integrate well with the standard MS Windows Accessibility tool set, namely Narrator, Screen Magnifier, On screen keyboard & Speech Recognition . These assistive technologies work as well on our interfaces as they do on standard MS Office applications.

We have also used our service, and provided training to users, with specialist screen reader software such as JAWS.
Accessibility testing We have provided training in our software to one user who was using the JAWS screen-reader software.
What users can and can't do using the API A full .NET web services API is provided by PROJECT in a box Live Edition. This is used routinely to connect the Browser and Windows Applications with the server. Once we have provided appropriate security credentials customers can use these existing web services to integrate PROJECT in a box Live Edition capabilities into their other applications. Use of the API is not limited and is covered by the maintenance contract so we will support customers with their integration activities.
API documentation No
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Methods, reports and aspects of the user interface can all be customised. We provide an additional software tool to aid customisation. Users with Admin permissions can undertake customisation


Independence of resources Customers of our Unlimited Service and our Enhanced Hosting service have a dedicated physical server and this enables them to have dedicated resources at their disposal. Customers of PROJECT in a box Live Edition on our standard hosting have dedicated storage space.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach The physical location of our host is secure with access to the hardware limited. Electronic access to the server is also limited to Prosis Solutions employees working on the PROJECT in a box Live Edition service. All back up data is encrypted. Our Enhanced hosting service provides Encryption of physical media.
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach We provide them with the data in industry-standard format in an Explorer-type structure.
Data export formats
  • CSV
  • Other
Other data export formats
  • .doc
  • .pdf
Data import formats
  • CSV
  • Other
Other data import formats
  • MS Office formats: .docx, .doc, .pptx, .ppt, .xlsx, .xls, .mpp
  • .pdf
  • .jpg

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Our third-party hosting provider through an SLA with us provides a guarantee of >99.9% availability (excluding planned downtime). We do not guarantee levels of availability, but we target a service availability level of 99.5%. Our experience has been that, other than for planned downtime, we have met or exceeded that target level.
Approach to resilience Our third-party datacentre provider (UK Fast) is accredited to ISO 27001 and ISO 9001, and complies with the EU Code of Conduct for Operations for datacentres. The server is hosted in a highly secure UK-based Tier 2 datacentre. The server is patched and updated in line with manufacturers recommendations.

A range of backup solutions are used to ensure minimal downtime should data loss occur, or should you need to recover your data from an earlier time. Firstly, UKFast provision a 7 day backup cycle consisting of 1 full backup and 6 incremental backups. Restore points are available across the 7 day period. Secondly, a secondary mechanism sees the data from the server backed up encrypted and transferred off site, the last seven days of these plus the preceding three Friday night back ups are retained on a rolling cycle. We regularly test this back up regime by restoring sites from it to test the robustness of the service.

UKFast provide disaster recovery guarantee which in the unlikely event of a complete failure of the server would enable a new alternative server to be provisioned directly from the last primary back up within 48 hours.
Outage reporting We are informed of any service outages emanating from the host by email. We also run a service which routinely polls each PROJECT in a box Live Edition server and logs availability and other stats, feeding a private dashboard. In the event of an unavailability being detected we can report this to the customer by email should they wish to be informed.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Our standard hosted service uses username and password authentication, with credentials sent over a secure connection. In our optional Enhanced Hosting we can offer other features e.g. access control by firewall rules, VPN etc.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Cyber Essentials.
Information security policies and processes We comply with Cyber Essentials and have been awarded the appropriate certificate. Our Board-level IT Director has overall responsibility for IT security issues, and our security policies and processes are reviewed annually by the Board in order to confirm that they continue to be appropriate. As a design policy for our products, we use industry-standard patterns and technologies (primarily Microsoft) to provide a package that is easy to implement in a security context.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Each component is individually versioned controlled and numbered through development. A source code control system (Subversion) is used for multi-developer components during coding. A product build, with it's own version numbering, is composed of a set of versioned components. These are noted and the source archived as a baseline set. An issue log is kept at the product build level. Functionality and security assessment is done at the product build level, or using a test harness at the component level as appropriate.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We assess for potential threats using a range of tools and advice from the Kali Linux suite

We do this on a regular basis, and apply to each release.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Internally-run penetration tests identify potential issues which are assessed and prioritized for action. Our optional Enhanced Hosting includes ISP-provided services for monitoring and threat detection/mitigation. For example:

1) File Integrity Monitoring - this looks at specific folders and files and alerts to any modification - usually used on the checkout areas of eCommerce sites; if the code is amended it alerts.

2) Logging - a log of access to the server; it will alert you if anyone attempts to 'brute force' the system.

3) Vulnerability Scanning - monthly scans/reports to highlight any vulnerability of Operating System, server ports, protocols, services.
Incident management type Supplier-defined controls
Incident management approach Incidents alerts may come from a number of sources: internally during testing, end-user setup/configuration, training activities, reported by customers, reported from the hosting service provider. These are logged in our Incident Log. They are then assessed and prioritized for action accordingly.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £3 to £18 per user per month
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑