Enterprise, SaaS-based project management software for managing projects, programmes and portfolios (PM, PPM, PPPM software). Planning, resourcing, risk, issue & benefit management, reporting, dashboards, notifications and collaboration. Ideal for your Project Management Office (PMO). PRINCE2, Managing Successful Programmes (MSP), Praxis Framework, Agile, DSDM-Atern included; or use your own bespoke methodology.
- PRINCE2, MSP, Agile, Praxis Framework and our generic methods
- PPM software: ideal for your Project Management Office (PMO software)
- Management tools, eg document management, approvals, assurance, collaboration and search
- Project controls: plans, risks, issues, cost, benefits, resource management, notifications
- Wide range of standard reports/dashboards which can be customized
- Project, programme, portfolio and departmental analysis and reporting
- Use our free planning tool or use MS Project
- Sophisticated permissions management; unlimited number of projects and users
- Full audit trail, QA audit and governance features
- Web-based, with browser interface: ideal for Tablets and Smartphones
- Quick set up off-the-shelf
- Easy to adopt using the tools that users know well
- Instant projects using the unique Method Template approach
- Centralizing all your project documents in one place saves time/money
- Generates confidence through powerful assurance and audit tools
- Improves communication and collaboration with instant access to project information
- Delighted stakeholders: information is available to sponsors and stakeholders
- Flexible operation: use Browser App or Windows App
- Fit for purpose: provides the tools used on typical projects
- Cost effective: does not require consultancy support to set up
£3 to £18 per user per month
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
Prosis Solutions Ltd
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||We provide a support service which operates the core hours of 8.30-17.30 UK working days, via email, phone and remote access. Our response is graded according to the nature of the issue raised. Details are provided in the Service Level Agreement included in the Terms & Conditions document.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
We provide customer technical support via our UK-based support service. We respond in line with our standard Prioritisation Classification, namely Categories A, B, C & D.
Cat A: Definition – Service is unavailable to users; Response Timescale – 1 hour.
Cat B: Definition – A major piece of functionality is unavailable; Response Timescale – 3 hours.
Cat C: Definition – Minor functional problem with work around available; Response Timescale – 8 hours.
Cat D: Definition – Request for Improvement or advice, “how do I” type question; Response Timescale – 12 hours.
Response Timescale is the time taken for the Support team to contact you (quoted in working hours) to discuss your issue and to obtain background information, not the time taken to address the issue raised. Most agreed issues which require code changes will be scheduled into the next release; intermediate patch releases may be generated in some circumstances. In order to address an issue it may be that the customer is required to upgrade to the latest release.
The above describe our standard support levels which is included in the monthly charge.
For the larger implementations (eg unlimited license), we provide a named technical account manager.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||We provide on-line and on-site training which are supported by an extensive range of training videos.|
|End-of-contract data extraction||We do this for them. We provide them with all their documentation in an industry-standard format in an Explorer-tree type structure.|
|End-of-contract process||There is no additional cost for off-boarding. We provide the users with the complete set of their documentation in an industry-standard format.|
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||Windows|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The mobile service provides all the functionality required for the day-to-day management of projects and portfolios. A small number of admin-related and customisation features are only available on the desk-top service.|
|Accessibility standards||None or don’t know|
|Description of accessibility||
Our system is compatible with a number of Assistive Technologies, this is the case for both the Browser App and the Software App. In particular, our tools integrate well with the standard MS Windows Accessibility tool set, namely Narrator, Screen Magnifier, On screen keyboard & Speech Recognition . These assistive technologies work as well on our interfaces as they do on standard MS Office applications.
We have also used our service, and provided training to users, with specialist screen reader software such as JAWS.
|Accessibility testing||We have provided training in our software to one user who was using the JAWS screen-reader software.|
|What users can and can't do using the API||A full .NET web services API is provided by PROJECT in a box Live Edition. This is used routinely to connect the Browser and Windows Applications with the server. Once we have provided appropriate security credentials customers can use these existing web services to integrate PROJECT in a box Live Edition capabilities into their other applications. Use of the API is not limited and is covered by the maintenance contract so we will support customers with their integration activities.|
|API sandbox or test environment||Yes|
|Description of customisation||Methods, reports and aspects of the user interface can all be customised. We provide an additional software tool to aid customisation. Users with Admin permissions can undertake customisation|
|Independence of resources||Customers of our Unlimited Service and our Enhanced Hosting service have a dedicated physical server and this enables them to have dedicated resources at their disposal. Customers of PROJECT in a box Live Edition on our standard hosting have dedicated storage space.|
|Service usage metrics||No|
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Other|
|Other data at rest protection approach||The physical location of our host is secure with access to the hardware limited. Electronic access to the server is also limited to Prosis Solutions employees working on the PROJECT in a box Live Edition service. All back up data is encrypted. Our Enhanced hosting service provides Encryption of physical media.|
|Data sanitisation process||No|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||We provide them with the data in industry-standard format in an Explorer-type structure.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||Our third-party hosting provider through an SLA with us provides a guarantee of >99.9% availability (excluding planned downtime). We do not guarantee levels of availability, but we target a service availability level of 99.5%. Our experience has been that, other than for planned downtime, we have met or exceeded that target level.|
|Approach to resilience||
Our third-party datacentre provider (UK Fast) is accredited to ISO 27001 and ISO 9001, and complies with the EU Code of Conduct for Operations for datacentres. The server is hosted in a highly secure UK-based Tier 2 datacentre. The server is patched and updated in line with manufacturers recommendations.
A range of backup solutions are used to ensure minimal downtime should data loss occur, or should you need to recover your data from an earlier time. Firstly, UKFast provision a 7 day backup cycle consisting of 1 full backup and 6 incremental backups. Restore points are available across the 7 day period. Secondly, a secondary mechanism sees the data from the server backed up encrypted and transferred off site, the last seven days of these plus the preceding three Friday night back ups are retained on a rolling cycle. We regularly test this back up regime by restoring sites from it to test the robustness of the service.
UKFast provide disaster recovery guarantee which in the unlikely event of a complete failure of the server would enable a new alternative server to be provisioned directly from the last primary back up within 48 hours.
|Outage reporting||We are informed of any service outages emanating from the host by email. We also run a service which routinely polls each PROJECT in a box Live Edition server and logs availability and other stats, feeding a private dashboard. In the event of an unavailability being detected we can report this to the customer by email should they wish to be informed.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Our standard hosted service uses username and password authentication, with credentials sent over a secure connection. In our optional Enhanced Hosting we can offer other features e.g. access control by firewall rules, VPN etc.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||Other|
|Other security governance standards||Cyber Essentials.|
|Information security policies and processes||We comply with Cyber Essentials and have been awarded the appropriate certificate. Our Board-level IT Director has overall responsibility for IT security issues, and our security policies and processes are reviewed annually by the Board in order to confirm that they continue to be appropriate. As a design policy for our products, we use industry-standard patterns and technologies (primarily Microsoft) to provide a package that is easy to implement in a security context.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Each component is individually versioned controlled and numbered through development. A source code control system (Subversion) is used for multi-developer components during coding. A product build, with it's own version numbering, is composed of a set of versioned components. These are noted and the source archived as a baseline set. An issue log is kept at the product build level. Functionality and security assessment is done at the product build level, or using a test harness at the component level as appropriate.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
We assess for potential threats using a range of tools and advice from the Kali Linux suite http://kali.org.
We do this on a regular basis, and apply to each release.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Internally-run penetration tests identify potential issues which are assessed and prioritized for action. Our optional Enhanced Hosting includes ISP-provided services for monitoring and threat detection/mitigation. For example:
1) File Integrity Monitoring - this looks at specific folders and files and alerts to any modification - usually used on the checkout areas of eCommerce sites; if the code is amended it alerts.
2) Logging - a log of access to the server; it will alert you if anyone attempts to 'brute force' the system.
3) Vulnerability Scanning - monthly scans/reports to highlight any vulnerability of Operating System, server ports, protocols, services.
|Incident management type||Supplier-defined controls|
|Incident management approach||Incidents alerts may come from a number of sources: internally during testing, end-user setup/configuration, training activities, reported by customers, reported from the hosting service provider. These are logged in our Incident Log. They are then assessed and prioritized for action accordingly.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£3 to £18 per user per month|
|Discount for educational organisations||No|
|Free trial available||No|