Prosis Solutions Ltd

PROJECT in a box Live Edition

Enterprise, SaaS-based project management software for managing projects, programmes and portfolios (PM, PPM, PPPM software). Planning, resourcing, risk, issue & benefit management, reporting, dashboards, notifications and collaboration. Ideal for your Project Management Office (PMO). PRINCE2, Managing Successful Programmes (MSP), Praxis Framework, Agile, DSDM-Atern included; or use your own bespoke methodology.


  • PRINCE2, MSP, Agile, Praxis Framework and our generic methods
  • PPM software: ideal for your Project Management Office (PMO software)
  • Management tools, eg document management, approvals, assurance, collaboration and search
  • Project controls: plans, risks, issues, cost, benefits, resource management, notifications
  • Wide range of standard reports/dashboards which can be customized
  • Project, programme, portfolio and departmental analysis and reporting
  • Use our free planning tool or use MS Project
  • Sophisticated permissions management; unlimited number of projects and users
  • Full audit trail, QA audit and governance features
  • Web-based, with browser interface: ideal for Tablets and Smartphones


  • Quick set up off-the-shelf
  • Easy to adopt using the tools that users know well
  • Instant projects using the unique Method Template approach
  • Centralizing all your project documents in one place saves time/money
  • Generates confidence through powerful assurance and audit tools
  • Improves communication and collaboration with instant access to project information
  • Delighted stakeholders: information is available to sponsors and stakeholders
  • Flexible operation: use Browser App or Windows App
  • Fit for purpose: provides the tools used on typical projects
  • Cost effective: does not require consultancy support to set up


£3 to £18 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

9 1 9 8 7 9 4 8 7 1 9 2 1 1 3


Prosis Solutions Ltd Neil Hurford
Telephone: 07974870430

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
  • Browser Requirements: Industry-standard browsers can be used.
  • Mobile devices: Android and IPhone devices are supported.
  • Microsoft Office (2007 or above) is required for file management
  • MS Windows Operating System(only required for Windows App)
  • Processor: Minimum – SingleCore 32bit; Recommended - MultiCore 64bit
  • Memory: Minimum: 1 Gb; Recommended – 2 Gb
  • Disk: Minimum - 20 Gb; Recommended – 40Gb
  • System Requirements are also provided in our Service Definition Document

User support

Email or online ticketing support
Email or online ticketing
Support response times
Details of our response times are provided in our Service Level Agreement.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
We provide customer technical support via our UK-based support service. We respond in line with our standard Prioritisation Classification, namely Categories A, B, C & D.

Cat A: Definition – Service is unavailable to users; Response Timescale – 1 hour.
Cat B: Definition – A major piece of functionality is unavailable; Response Timescale – 3 hours.
Cat C: Definition – Minor functional problem with work around available; Response Timescale – 8 hours.
Cat D: Definition – Request for Improvement or advice, “how do I” type question; Response Timescale – 12 hours.

Response Timescale is the time taken for the Support team to contact you (quoted in working hours) to discuss your issue and to obtain background information, not the time taken to address the issue raised. Most agreed issues which require code changes will be scheduled into the next release; intermediate patch releases may be generated in some circumstances. In order to address an issue it may be that the customer is required to upgrade to the latest release.

The above describe our standard support levels which is included in the monthly charge.

For the larger implementations (eg unlimited license), we provide a named technical account manager.
Support available to third parties

Onboarding and offboarding

Getting started
We provide on-line and on-site training which are supported by an extensive range of training videos.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
We do this for them. We provide them with all their documentation in an industry-standard format in an Explorer-tree type structure.
End-of-contract process
There is no additional cost for off-boarding. We provide the users with the complete set of their documentation in an industry-standard format.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari 9+
Application to install
Compatible operating systems
Designed for use on mobile devices
Differences between the mobile and desktop service
The mobile service provides all the functionality required for the day-to-day management of projects and portfolios. A small number of admin-related and customisation features are only available on the desk-top service.
Service interface
Description of service interface
We provde two service interfaces - the Browser App and the Windows App.

Browser App - this provides all the essential functionality for creating and managing your projects The full range of commercially-available browsers is supported and it will run on any device supporting a browser.

Windows App - this is fully featured and the interface of choice for frequent and high functionality users. This interface provides access to the system customization capabilities.

The Service Interfaces are based on a .NET based SOAP/XML interface over HTTPS used for client-server communication but also available for 3rd party integration.
Accessibility standards
None or don’t know
Description of accessibility
We use industry standard formats. This means that the range of Assistive Technologies that are provided by the Windows operating system can be used; these include:

• Speech recognition
• Narrator
• Click lock
• On-screen keyboard
• Cursor blink rate
Accessibility testing
During product training that has involved people who use assistive technologies, we have undertaken basic tests to confirm that standard assistive technologies function satisfactorily with our product.
What users can and can't do using the API
A full .NET web services API is provided by PROJECT in a box Live Edition. This is used routinely to connect the Browser and Windows Applications with the server. Once we have provided appropriate security credentials customers can use these existing web services to integrate PROJECT in a box Live Edition capabilities into their other applications. Use of the API is not limited and is covered by the maintenance contract so we will support customers with their integration activities.
API documentation
API sandbox or test environment
Customisation available
Description of customisation
Methods, reports and aspects of the user interface can all be customised. We provide an additional software tool to aid customisation. Users with Admin permissions can undertake customisation


Independence of resources
Customers of our Unlimited Service and our Enhanced Hosting service have a dedicated physical server and this enables them to have dedicated resources at their disposal. Customers of PROJECT in a box Live Edition on our standard hosting have dedicated storage space.


Service usage metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
Other data at rest protection approach
The physical location of our host is secure with access to the hardware limited. Electronic access to the server is also limited to Prosis Solutions employees working on the PROJECT in a box Live Edition service. All back up data is encrypted. Our Enhanced hosting service provides Encryption of physical media.
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
We provide them with the data in industry-standard format in an Explorer-type structure.
Data export formats
  • CSV
  • Other
Other data export formats
  • .doc
  • .pdf
Data import formats
  • CSV
  • Other
Other data import formats
  • MS Office formats: .docx, .doc, .pptx, .ppt, .xlsx, .xls, .mpp
  • .pdf
  • .jpg

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Our third-party hosting provider through an SLA with us provides a guarantee of >99.9% availability (excluding planned downtime). We do not guarantee levels of availability, but we target a service availability level of 99.5%. Our experience has been that, other than for planned downtime, we have met or exceeded that target level.
Approach to resilience
Our third-party datacentre provider (UK Fast) is accredited to ISO 27001 and ISO 9001, and complies with the EU Code of Conduct for Operations for datacentres. The server is hosted in a highly secure UK-based Tier 2 datacentre. The server is patched and updated in line with manufacturers recommendations.

A range of backup solutions are used to ensure minimal downtime should data loss occur, or should you need to recover your data from an earlier time. Firstly, UKFast provision a 7 day backup cycle consisting of 1 full backup and 6 incremental backups. Restore points are available across the 7 day period. Secondly, a secondary mechanism sees the data from the server backed up encrypted and transferred off site, the last seven days of these plus the preceding three Friday night back ups are retained on a rolling cycle. We regularly test this back up regime by restoring sites from it to test the robustness of the service.

UKFast provide disaster recovery guarantee which in the unlikely event of a complete failure of the server would enable a new alternative server to be provisioned directly from the last primary back up within 48 hours.
Outage reporting
We are informed of any service outages emanating from the host by email. We also run a service which routinely polls each PROJECT in a box Live Edition server and logs availability and other stats, feeding a private dashboard. In the event of an unavailability being detected we can report this to the customer by email should they wish to be informed.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Our standard hosted service uses username and password authentication, with credentials sent over a secure connection. In our optional Enhanced Hosting we can offer other features e.g. access control by firewall rules, VPN etc.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
Cyber Essentials.
Information security policies and processes
We comply with Cyber Essentials and have been awarded the appropriate certificate. Our Board-level IT Director has overall responsibility for IT security issues, and our security policies and processes are reviewed annually by the Board in order to confirm that they continue to be appropriate. As a design policy for our products, we use industry-standard patterns and technologies (primarily Microsoft) to provide a package that is easy to implement in a security context.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Each component is individually versioned controlled and numbered through development. A source code control system (Subversion) is used for multi-developer components during coding. A product build, with it's own version numbering, is composed of a set of versioned components. These are noted and the source archived as a baseline set. An issue log is kept at the product build level. Functionality and security assessment is done at the product build level, or using a test harness at the component level as appropriate.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We assess for potential threats using a range of tools and advice from the Kali Linux suite

We do this on a regular basis, and apply to each release.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Internally-run penetration tests identify potential issues which are assessed and prioritized for action. Our optional Enhanced Hosting includes ISP-provided services for monitoring and threat detection/mitigation. For example:

1) File Integrity Monitoring - this looks at specific folders and files and alerts to any modification - usually used on the checkout areas of eCommerce sites; if the code is amended it alerts.

2) Logging - a log of access to the server; it will alert you if anyone attempts to 'brute force' the system.

3) Vulnerability Scanning - monthly scans/reports to highlight any vulnerability of Operating System, server ports, protocols, services.
Incident management type
Supplier-defined controls
Incident management approach
Incidents alerts may come from a number of sources: internally during testing, end-user setup/configuration, training activities, reported by customers, reported from the hosting service provider. These are logged in our Incident Log. They are then assessed and prioritized for action accordingly.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£3 to £18 a user a month
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.