Traqplan limited

Traqplan Portfolio Management - Scheduling, Reporting, Dependencies, Risks and Assumption Management

Traqplan creates a plan-on-a-page for your portfolio of projects combining plans from multiple sources such as Microsoft Project. Traqplan is also popular for allowing non project people to create simple timelines for the portfolio plan-on-a-page.

Traqplan also manages portfolio risks, dependencies, issues and assumptions and can be integrated with P6.


  • Creates professional timelines with swimlanes across the portfilio.
  • Track changes against a baseline for multiple views
  • Establishes one source of truth for project planning.
  • Create simple plans for non-project professionals.
  • Centralises risks for easy management and tracking across diverse teams.
  • Extremely simple user interface provides simpler alternative to MS Project.
  • All data is encrypted at rest and in transit.
  • Visually create milestones and activities plan on a page.
  • Centrally capture and manage dependencies, issues and assumptions
  • Dependency Management


  • Standardises the timeline view across the portfolio and department.
  • Centralises the location of plans within the department.
  • Establishes one source of truth.
  • Reduces the learning curve for rapidly onboarding EO grade planners.
  • Improves resilience within the planning team as staff move.
  • Creates powerful rapid feedback loop between PMO and project teams.
  • Reduces reporting burden on teams and enables faster reporting cycles.
  • Removes human error within the PMO when updating plans.
  • Centralised risk register helps standardise risk management across the department.
  • Enables collaboration between colleagues working locally and overseas.


£15 to £150 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

9 5 2 3 3 8 4 9 6 8 6 5 0 0 5


Traqplan limited Colin Ward
Telephone: 07825 883 159

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Microsoft Project
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
Requires google Chrome or Firefox web browser to run.
System requirements
Requires software licences to be bought.

User support

Email or online ticketing support
Yes, at extra cost
Support response times
We offer different response times based on the criticality of the issue as identified in the support request.

1) Business Critical – Your normal service requires urgent support to perform essential duties. Response time within 2 hours.

2) Material Fault - Interruption to normal service – You are still able to perform the majority of business functions. Response time 4 hours.

3) Cosmetic Fault - 8 hours

4) Change request - 8 hours

Standard hours for support are Monday - Friday, 0900 to 1700.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
We offer one support structure which allows the user to purchase a "package" of days with volume discount

Support Package Costs:
2 days £1,500 per day
5 days £1,250 per day
10 days £1,000 per day
Additional support can be purchased in these multiples.

We also offer packages of classroom training specific to the traqplan software which can be more cost efficient for larger groups of people;

Prices for training courses;
2 courses £1500 per course
5 courses £1250 per course
10 courses £1000 per course (covers 80 people)

We appoint an account manager to a customer and an engineer is allocated depending on the nature of the enquiry.
Standard support is Monday to Friday, 0900 to 1700.
Support available to third parties

Onboarding and offboarding

Getting started
We provide training, access to video tutorials and documentation.
Service documentation
Documentation formats
  • PDF
  • Other
Other documentation formats
Powerpoint training material and user manual
End-of-contract data extraction
The users can extract their data by requesting it via email.
End-of-contract process
At the end of contract the user login access is removed, and the customer details are deleted. There is no additional cost.

Using the service

Web browser interface
Supported browsers
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Service interface
Description of service interface
The interface to the service is via a web domain which provides login access. This login can be integrated with the customer secure services such as Okta , or via an OAuth2 provider. On logging in the user can access their organisation account. The service is only available through web browsers and the data and usage is not suitable for smaller screens such as smart phones or small laptop screens.
Accessibility standards
None or don’t know
Description of accessibility
All of our graphical elements have textual descriptions.
Our control buttons have text embedded in the button with tooltips and the menus are plain text.
Our application is not intended to generate a sensory experience.
We provide training material in video format with audio, however for accessibility this is also made available in written format (pdf) with textual descriptions.
Accessibility testing
We have tested with an experienced user of JAWS (assistive technology for the visually impaired experienced). While the tool itself can read lists we were provided feedback that the nature of our application is extremely graphical and indeed the purpose of our application is to convert tabular textual data into graphics. The JAWS application works better with the raw data which we use as input, therefore users of assistive technology would read the raw source data we use as input which is readily available.
Customisation available
Description of customisation
Administrators can add normal user accounts;
All users (both administrators and non-admin) can tailor the views they wish to create, and can save bespoke views of their plans and data.
The type of customisation they can achieve includes completely designing their own views and saving multiple views, changing symbol colour , shape and text descriptions. They can change the plan activity bars colour, size and text descriptions.

Customisation is all done view the web browser user interface graphical user interface.


Independence of resources
Traqplan is a Cloud Native architecture, consisting of containerised micro-services, and is designed for horizontal scaling. Resources can be scaled to meet demand.


Service usage metrics
Metrics types
We can provide metrics on file upload data and time.
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users export their data by printing it from within the application. This can be printed to hard copy or to pdf or softcopy using export function provided.
Data export formats
  • CSV
  • Other
Other data export formats
  • Pdf
  • Hard copy
  • Excel
  • Jpeg
  • Png
Data import formats
Other data import formats
Microsoft Project files

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We use Microsoft Azure as our hosting environment and pass through the following service level agreement commitments;

99.9% availability of service and data
If less than 99.9% availability per month we will return 10% service credit
If less than 90% availability per month we will return 25% service credit
Approach to resilience
We prefer not to make this information public, and we will provide this information on request.
Outage reporting
We report outages via email alerts to the designated customer administrators for the application service.

Identity and authentication

User authentication needed
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Other
Other user authentication
We can also integrate with any organisations bespoke authentication service.
Access restrictions in management interfaces and support channels
Access to management interfaces and support channels is controlled and restricted using role based access controls.
Access restriction testing frequency
At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Less than 1 month
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Less than 1 month
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials Certification

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
We are working towards ISO27001 standards and our processes are aligned towards this. Our processes outline responsibility towards security throughout the company and supply base with security terms built into contracts and training rolled out internally. Our governance against our processes is led from the top of the company down with CEO ensuring regular audits are performed. Our incident response process ensures transparency with our customers and builds in lessons learned for continual improvement. These policies are built into our security policies and adherence to our policy standards (or similar) are built into service contracts and employment contracts.
Information security policies and processes
Our security policies are based on ISO27001 standards as we are working towards ISO27001 certification.

Our documented policies include the following;
(1) Information Security Policy (ISP ) which outlines the security framework, leadership commitment, organisational aspects and operational assurances we are committed to performing.

(2) Information Security Management System (ISMS) which goes into specific detail across a broad range of areas per ISO27001 and how we conduct ourselves.

(3) Incident Response Plan which outlines how we respond when an incident is found and repeats our commitment to transparency with our customers and how we involve outside agencies where appropriate including ICO, law enforcement and the customers.

(4) Risk Management Process which defines how we assess and pre-empt security risks.

Reporting Structure
Our policies define that security is led from the top of the company ultimately through the CEO and evidence of adherence to security policies is a standing agenda item in the company board reviews. The incident response plan defines the reporting of incidents from the point where the incident was noticed directly through the named data security officer with the CEO being informed of every incident.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
New Development or infrastructure: Board reviews major choice of infrastructure.

Quality Testing: Systems components are selected and regularly reviewed for currency, regularity of updates and industry wide adoption. Our system updates do not depend on board review for approval and can be rolled out in faster controlled process to respond to security threats.

We test all changes in a test environment before deploying them to live production systems.

We use role-based access to control authorisation to change production systems.

Scripted deployment for automatic deployment from source control, eliminates human error, and assures the configuration of deployed software.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We identify and mitigate security issues using the following approach;
(a) we assess vulnerabilities by running automatic audit tools on the software to flag where known vulnerabilities exist and where patches are available.
(b) continuously check for known vulnerabilities against the software systems, components and libraries we use. We apply patches within two weeks to close known vulnerabilities. When no patches or updates exist we assess the risk of the vulnerability to determine the safest course of action.
(c) we get information from CiSP membership bulletins and by news bulletins from membership forums such as the International Systems Security Association.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Protective monitoring – in order to detect attacks and unauthorised activity on the service we employ a combination of automated audit logging and regular analysis of these. If a potential compromise is discovered we look more closely at audit logs and logins to determine if a compromise has actually occurred. In addition, we determine a risk score based upon 3 factors: the likely threats; the likelihood that there was a compromise; the impact of the compromise. We respond within 24 hours.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We have a detailed incident response plan document covering processes for all events including common events

Users report incidents through the DPO in written form and verbally.

Incident reports are captured in written form and emailed.

Our process;
1) The discoverer captures details and alerts the designated DPO
2) Incident analysed , categorised and recorded
3) Recommend changes to prevent propagation
4) Restore the affected system(s) .
5) Preserve evidence and permanent log of incident
7) Notify proper external agencies and customers as appropriate.
8) Review response and update policies—plan and take preventative steps so the intrusion can't happen again.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£15 to £150 a user a month
Discount for educational organisations
Free trial available
Description of free trial
The trial is available for full access to all the application features for four weeks duration.

This does not include;
a) bespoke requirements to enable access to the system
b) access to the support SLA
Link to free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.