Microsoft Project Server 2016 for better project, programme and portfolio management
Microsoft Project Server delivers a flexible and easy to use project and portfolio management solution covering the full project lifecycle. It assists organisations in aligning project portfolio budgets and resources to business objectives, enabling them to initiate, prioritise, track and deliver project, programme and portfolio investments to realise business value.
- Project demand management identifies new ideas and projects (Idea Management)
- Project portfolio definition and optimisation to drive best value selection
- Project resource management for managing demand, optimisation and capacity/timesheets
- Project schedule management for improved tracking and delivery
- Project financial management for budget, planned and actual costs
- Consolidated View of Projects Programmes and Portfolio
- Project team collaboration for improved working practices and understanding
- Project based business intelligence and reporting for improved decision management
- Securely hosted in datacentres with Security cleared, permanent employees
- Standardisation of PPM Methodologies and Frameworks
- Consistent project management data and processes
- Low total cost of ownership
- Improved quality, timeliness and cost effectiveness
- Enterprise-wide governance with standard gateway management
- Improved project investment strategy aligned to business needs
- Built-in capabilities including project dashboards, planning, risk and issue tracking
- Microsoft Gold Partner with ISO27001 certification
- Keeps investment risk at a manageable level
- Ensures the most expensive asset (resources) is optimally used
£6000 per server
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
Program Planning Professionals Ltd (t/a Pcubed)
020 7462 0100
|Software add-on or extension||No|
|Cloud deployment model||
|Service constraints||There are no other foreseeable constraints to the Services (e.g. maintenance windows, level of customisation permitted, schedule for deprecation of functionality/features etc.)|
|Email or online ticketing support||Yes, at extra cost|
|Support response times||
Service-desk runs during UK office hours 9-5pm Mon-Fri.
Severity 1; Urgent - A full system outage (Support Manager)
Severity 2; High - A major element of the solution is not working at all(Support Manager)
Severity 3; Normal - A single or small element of the solution is not working and affecting a number of users (Support/Delivery team)
Severity 4; Low - problem which is affecting limited numbers of users (Support/Delivery team)
Severity 1: 1 hour-respond, 8 hours-resolve;
Severity 2: 4 hours-respond, 2 days-resolve;
Severity 3: 1 day-respond, 5 days-resolve;
Severity 4: 2 days-respond, 10 days-resolve.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AA or EN 301 549|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Support levels include Email, Phone, Service desk and Onsite assistance.
Each support request will receive a severity level which is tied to a service level metric. Service-level metrics specify the maximum amount of time to elapse before a customer, after opening an incident, the user will be contacted by a support representative. Initial response goals will be the same for all support package levels but will vary by severity. Initial technical response time is determined by the severity, as follows:
Severity 1; Urgent - A full system outage , the system is not working and this is affecting all users.
Severity 2; High - A major element of either the Microsoft PPM / EPM or Pcubed solution is not working at all and affecting all / nearly all users or the production of business critical reports.
Severity 3; Normal - A single or small element of the Microsoft PPM / EPM or Pcubed solution is not working and affecting a number of users or multiple teams.
Severity 4; Low -There is a problem which is affecting limited numbers of users or a less frequent part of the solution or regular reports.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Envisioning workshops, training , change management, providing a dedicated delivery team and support where necessary|
|Other documentation formats||
|End-of-contract data extraction||OData - extracting PO data to an excel spreadsheet and saving project plans in Microsoft Project|
Microsoft and Pcubed are certified in ISO 27001, this enables Pcubed to comply with high standards of all our customer’s data security and integrity. Upon exit, all customer information will be securely destroyed and confirmation will be provided.
Also, Microsoft implements destruction and confirmation of destruction of all data upon exit of contract.
If you terminate a cloud subscription or it expires (except for free trials), Microsoft will store your customer data in a limited-function account for 90 days (the retention period) to give you time to extract the data or renew your subscription. During this period, Microsoft provides multiple notices, so you will be amply forewarned of the upcoming deletion of data.
After this 90-day retention period, Microsoft will disable the account and delete the customer data, including any cached or backup copies. For in-scope services, that deletion will occur within 90 days after the end of the retention period. (In-scope services are defined in the Data Processing Terms section of Microsoft Online Services Terms).
Using the service
|Web browser interface||No|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||There are screen user interface differences, however, there are no limited functionality features|
|What users can and can't do using the API||
Microsoft Project Server has an Open API that allows integration with other systems (uni and bi-directional).
The API access of the following types is available: REST, SOAP. For further information, please see: https://msdn.microsoft.com/en-us/library/azure/ee460799.aspx
|API documentation formats||HTML|
|API sandbox or test environment||Yes|
|Description of customisation||The solution allows reports, letters and other communications to be customised with logos, fonts, branding and colours. Advanced customisation using pages, events, web pats and configuration can be provided to meet further requirements (e.g. add extra fields, access to API to build your own interfaces, etc.).|
|Independence of resources||Services are separated between different consumers (user specific installation and hardware).|
|Service usage metrics||Yes|
|Metrics types||Usage metrics|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Other data at rest protection approach||Data is protected based on customer specific requirements|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
Users can use OData to extract or import their data. Out of the box SharePoint allows export of all information to Excel. Pcubed could also develop specific reports relating to more detailed information and saving project plans in Microsoft Project.
Data is stored in SQL database and any application compliant with SQL can be used.
|Data export formats||
|Other data export formats||
|Data import formats||CSV|
|Data protection between buyer and supplier networks||
|Other protection between networks||For data in transit, Azure uses industry-standard secure transport protocols, such as TLS/SSL, between user devices and Microsoft datacenters. You can enable encryption for traffic between your own virtual machines (VMs) and your users. With Azure Virtual Networks, you can use the industry-standard IPsec protocol to encrypt traffic between your corporate VPN gateway and Azure as well as between the VMs located on your Virtual Network.|
|Data protection within supplier network||
|Other protection within supplier network||
Microsoft supports versions 1.0, 1.1, and 1.2 of the Transport Layer Security (TLS) protocol. This protocol is an industry standard designed to protect the privacy of information communicated over the Internet. TLS assumes that a connection-oriented transport, typically TCP, is in use. The TLS protocol allows client/server applications to detect the following security risks:
• Message tampering
• Message interception
• Message forgery
For further information, please refer to: https://msdn.microsoft.com/en-us/library/windows/desktop/aa380516(v=vs.85).aspx
Availability and resilience
Microsoft provides a contractually backed SLA to a minimum of 99.9%
Backup, disaster recovery and resilience plan in place
|Approach to resilience||Please see https://www.microsoft.com/en-us/cloud-platform/global-datacenters and https://www.microsoft.com/en-us/TrustCenter/|
Project Server 2016 can be hosted by the customer or on a Cloud Environment like Azure.
In case of customer hosting, customer policies and reporting tools will apply. In case of Azure Hosting, Azure will provide real time service outage dashboards.
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||
User access to interfaces is made possible with a user account.
Without an account, a user cannot access the service.
Access to the service is limited to authenticated and authorised users.
Usernames and password control remain under the buyers control.
|Access restrictions in management interfaces and support channels||
Access can be restricted based on the role of the user (administrator, team member with edit right, or only viewer).
In addition, if the user does not have a user account, they are restricted from the service.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||Between 6 months and 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||Between 6 months and 12 months|
|How long system logs are stored for||Between 6 months and 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BSI|
|ISO/IEC 27001 accreditation date||17/01/2017|
|What the ISO/IEC 27001 doesn’t cover||Control: The organisation shall supervise and monitor the activity of outsourced system development.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||Yes|
|CSA STAR accreditation date||29/04/2016|
|CSA STAR certification level||Level 1: CSA STAR Self-Assessment|
|What the CSA STAR doesn’t cover||None|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
Pcubed is ISO27001 certified for our information security management system. In relation to the provision of consultancy services.
Microsoft is also ISO27001 certified.
The Microsoft Cloud Security Policy is available via the Service Trust Platform aka.ms/step
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402.
The service has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1/SOC 2, NIST 800-53, and others.
Microsoft also uses Operational Security Assurance (OSA), a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft. OSA combines this knowledge with experience of running hundreds of thousands of servers in datacentres around the world.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Project Server 2016 can be hosted by the customer or on a Cloud Environment like Azure.
In case of customer hosting, customer policies, management processes and reporting tools will apply.
In case of Azure Hosting: Configuration, change management, incident response and protective monitoring are all demonstrated in Microsoft’s compliance with the ISO-27001 information security standard.
In addition to Microsoft’s ISO-27001 compliance, and their use of independent 3rd party penetration tests, they operate an assumed breach model and use active red-team penetration testing and vulnerability management as part of their Operational Security Assurance (OSA).
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Configuration, change management, incident response and protective monitoring are all demonstrated in Microsoft’s compliance with the ISO-27001 information security standard.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||Configuration, incident response and protective monitoring are all demonstrated in Microsoft’s compliance with the ISO-27001 information security standard.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||Yes|
|Price||£6000 per server|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||
A Trial of Project Server 2016 and SharePoint 2016 can be requested to Microsoft.
A Trial of Azure is available on: https://azure.microsoft.com/en-us/free/
|Link to free trial||https://azure.microsoft.com/en-us/free/|