Mosaique Limited


Aspyre is a cloud-based, portfolio, programme, project & PMO management software tool with a proven track-record of: increasing the visibility of your portfolio of programmes and projects; ensuring consistent, standardised and real-time reporting; achieving significant financial savings; enabling seamless, collaborative working with external organisations; promoting innovation by capturing ideas.


  • Portfolio, programme, project and PMO management
  • Risk and issue management
  • Milestones and dependencies management
  • Financial (savings and costs)and other benefits management
  • Strategic objectives, KPIs and efficiency targets
  • Initiatives and ideas management
  • Resource planning and tracking (including timesheets)
  • Lessons learned information
  • Extensive reporting suite and multiple dashboards
  • Meeting minutes and agendas - improves meeting administration


  • Improves visibility of portfolios/programmes/projects across your entire organisation
  • Provides a consistent way of working
  • Significantly reduces the time taken to produce reports
  • Data is entered once but reported in many ways
  • Facilitates better planning of programmes and projects
  • Enables seamless collaborative working, internally and with external partner organisations
  • Allows lessons learned to be captured, shared and reported on
  • Effectively manages your resources
  • Helps to ensure programme/project benefits are realised
  • Extensive in-house public sector experience to help facilitate implementations


£16.00 to £25.00 a licence a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

9 4 9 6 7 8 8 6 6 1 9 7 6 7 3


Mosaique Limited Neil Cassidy
Telephone: 01564 711201

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
The service may be unavailable for a short time after 21:00hrs to allow for periodic updating of the application.
System requirements
  • Connection to the internet
  • Web browser - all common browsers and versions are supported

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our cloud-based ticketing system will instantly log all calls and reply back to the sender with an email acknowledging receipt.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Onsite support
Support levels
As part of an 'Aspyre Package', we will carry out all of the initial setup and configuration of Aspyre’s ‘tree structure’. We will use our extensive experience to help you quickly see results from Aspyre. This will involve the creation of folders that represent your organisation's structure, all your divisions/departments together with folders for each of your programmes and projects, a number of which we will flesh out ‘end-to-end’ with data provided by yourselves. We can complete this and get you up and running, including training of your users, in a matter of days. This is something that really sets us apart from our competition where it’s common to wait several months to get their systems configured and users allowed onto it.

We also include a Reporting Guidance document, customised for your own organisation, that will show the ‘minimum dataset’ that needs to be completed in order to produce meaningful reports etc. We will then use this document to provide on-screen ‘hover text’ to assist users and flag up mandatory fields to be completed.

We will provide a dedicated technical account manager that can be contacted via phone or email.

Our Aspyre Support team are also available via email.
Support available to third parties

Onboarding and offboarding

Getting started
We typically provide onsite training but online training can also be provided, if required. During COVID-19 lockdown, this is something that we successfully provided to all our existing and new clients.
Extensive user documentation, templates, training manuals and 'How To' videos can be found within the 'Help' section of the application. Hard copies of all documentation can also be provided, if required.
Service documentation
Documentation formats
End-of-contract data extraction
Users can extract data themselves via an xml export facility.
We can also provide a flat file of client data at the end of a contract.
End-of-contract process
We can provide a flat file of data at the end of a contract. This will not include any external documents that a client may have uploaded to the application. These can be retrieved by the client themselves or we can carry this out on their behalf but this would incur additional costs.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
No difference other than screen size. The application automatically resizes to fit the available screensize. If data is amended using a mobile device then this will automatically be reflected in the desktop service, and vice versa.
Service interface
Customisation available
Description of customisation
As part of an Aspyre Package, we will carry out the initial configuration of your system based on working directly with yourselves and sharing our extensive experience of working with similar clients. We will also train a number of your own users to be in-house 'Administrators' so that they will be able to carry out these tasks autonomously in the future.

Aspyre can be configured in the following ways:
Functionality/screens can be enabled/disabled.
Additional data fields can be added and/or removed, if not required.
Data field names on each screen can be amended to suit.
Choices in drop-down lists can be added to/amended.
Data fields can be made mandatory.
Hover text (on-screen guidance notes) can be added to assist users.
Logos can be uploaded and assigned to different areas of Aspyre, as required. The relevant logo is then automatically included on all reports generated from Aspyre.

Unlike other systems, Aspyre allows multiple configurations of all the functionality mentioned above to be applied to different areas of the 'tree structure' - this allows separate organisations and/or departments to work in the exact way that they want and produce the required reports for their respective audiences.


Independence of resources
Performance of the Aspyre system is monitored on a regular basis through reports provided by our third-party data hosting provider (Amazon Web Services).

Each client has their own individual Aspyre database stored on the server.


Service usage metrics
Metrics types
Users with Administrator level access can use a suite of administrative tools including an 'Audit Trail' facility.
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Less than once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users can export data via xml reporting functionality. All other reports generated within Aspyre can also be exported into common formats such as .pdf, .xls, .rtf, etc. and exported.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • XLS
  • RTF
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
.mpp (MS Project files)

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Please refer to 'Addendum 1 - Service Level Agreement' which can be found in the document - Aspyre Terms and Conditions for G-Cloud 12.
Approach to resilience
Please refer to 'Section 3. Data Backup, Restore & Disaster Recovery' of the uploaded document - Aspyre Service Definition for G-Cloud 12.
Outage reporting
Please refer to 'Section 3. Data Backup, Restore & Disaster Recovery' of the uploaded document - Aspyre Service Definition for G-Cloud 12.

Identity and authentication

User authentication needed
User authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Our management interfaces use role-based access control to limit
functionality to specific user accounts.
These Administrator roles can be used by clients to tailor functionality of the application, setup and configure user access rights, etc. They can also be configured so as to only have Administrator rights for a particular area/division/department.
Our support staff have global access to the entire application in order to be provide first-class levels of support.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
EY CertifyPoint
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
The ISO/IEC 27001 accreditation mentioned above applies to the data hosting provided by our third-party partners, AWS. Further documentation around this and any other data-hosting related information is available on request.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
It is the Policy of Mosaique Limited to ensure that:
i) Information will be protected from a loss of: confidentiality, integrity and availability.
ii) Regulatory and legislative requirements will be met.
iii) Business continuity plans will be produced, maintained and tested.
iv) Information security training will be available to all staff.
v) All breaches of information security, actual or suspected, will be reported to, and investigated by, the Information Security Manager.

Guidance and procedures have been produced to support this policy. These include incident handling,information backup, system access, virus controls, passwords and encryption.
The role and responsibility of the designated Information Security Manager is to manage information security
and to provide advice and guidance on implementation of the Information Security Policy.
The designated owner of the Information Security Policy has direct responsibility for maintaining and reviewing the Information Security Policy.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We have a robust and mature change process that is fully integrated throughout all areas of the business asset change lifecycle.
Change and configuration management activities conducted by Mosaique include: logging and scheduling of service requests received from clients, impact and risk analysis of proposed changes in liaison with relevant 3rd parties, including change approval, security review and regression planning, maintenance of a log of changes; a summary of relevant changes is provided to customers on a quarterly basis.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
As part of our centralised patch management and monitoring process, we ensure that operating system patches and enhancements are assessed and applied to our management and customer infrastructure in a regular, timely manner with the minimum impact to service. Any minor updates that may be required are carried out to the server after 21:00hrs.
We maintain our situational awareness of new and emerging threats through engagement with vendors, CERTS and specialist groups.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
All Aspyre data is held by our third-party data hosting provider - Amazon Web Services (AWS).

AWS undertake to provide monitoring, management and issue resolution for the server hardware, operating system, web services and Internet from their Tier-4 Data centre.

Monitoring of hardware, specific processes and agreed applications are managed via AWS's monitoring solution.

The core networking infrastructure, including switches and firewalls, and every server hosted in the AWS Environment are monitored around the clock. Server monitoring includes network connection, http response, processor usage, disk space usage as well as key processes and services.
Incident management type
Supplier-defined controls
Incident management approach
We operate a well-defined and established incident management process to log, assign and diagnose incidents based upon urgency and impact and to restore service operation as quickly as possible with the minimum of disruption, in line with our SLAs.
Users will report incidents via email to our Aspyre Support team.
An incident priority will be established and the incident will be logged on our ticketing system.
Diagnostics and investigations will be carried out until the incident has been satisfactorily resolved.
Please refer to the following document for further information - Aspyre Service Definition for G-Cloud.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£16.00 to £25.00 a licence a month
Discount for educational organisations
Free trial available
Description of free trial
Core functionality included in 30-day trial version:
Summary Information
Details/Project Initiation Document (PID)
Risks & Issues
Plan (including Gantt)
Document Storage
Meetings Module
Reporting Suite

Excluded Functionality:
KPIs & Objectives
Lessons Learned
Additional Reports

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.