Change and Transformation Services

AJACO are on point to provide Business Change Implementation Services to our Clients. Service lines supported include Portfolio and Programme Management, Project Management and Project Support, Contract and Financial Management. AJACO work in collaboration with all service providers and all levels of management to ensure projects are delivered.


  • Programme and Project Planning
  • Programme and Project Reporting
  • Programme and Project Delivery
  • Portfolio Management
  • Project Support
  • Communications Management


  • Effective Programme and Project Management leading to successful delivery
  • Effective Programme and Project Support leading to successful delivery
  • Effective and Reliable Communications within Project Teams and end users
  • Effective Change Management which manages reactions to cultural change
  • Effective and Proactive Collaboration with Suppliers


£300 to £900 per person per day

Service documents


G-Cloud 11

Service ID

9 5 9 9 1 8 8 3 3 0 2 3 2 4 6



Ajay Nehra



Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
Our services do not have any constraints.
System requirements
  • Provision of Software license to use Microsoft Project
  • Provision of Software license to use Microsoft Visio
  • Provision of Software license to Microsoft Office Products

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Response times are the same at weekends. Response times are between 9am to 5pm Saturday and Sunday. Support outside of these times are possible but at a mutually agreed cost.
User can manage status and priority of support tickets
Online ticketing support accessibility
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
The following support levels are provided:

Account Manager - £900 per day (regularity to be mutually agreed with Client)
Programme Manager - £850 per day
Senior Project Manager - £780 per day
Project Manager - £725 per day
Communications Manager - £600 per day
Project Management Office Support - £520 per day
Support available to third parties

Onboarding and offboarding

Getting started
All Software or Systems delivered as part of the services we provide to our client are supported by End User Guidance and Frequently Answered Questions documentation. In addition to this documentation AJACO would encourage End User Communications to compliment any such documentation produced by AJACO.
Service documentation
Documentation formats
End-of-contract data extraction
At the end of the contract AJACO produce a report in Microsoft Excel, listing all costs incurred on a month by month basis including a total amount incurred as a result of providing services to the client. AJACO also report what was originally agreed with the client, communicating the variance (both positive or negative). At the end of each month (in arrears) AJACO produce an equivalent report and on this basis are able to provide forecasts based on current programme and project status.
End-of-contract process
At the end of the Contract, all reports including completion statements and a Lessons Learned report are produced within the price of the contract. This also includes to the transition of any services to Business As Usual including the migration of all users so long at these activities fall within the agreed contract period. Subject to Client agreement AJACO would submit a follow on Memorandum of Understanding to support any future work subject to Commercial, Portfolio and Programme management approval.

Using the service

Web browser interface
Application to install
Designed for use on mobile devices
Service interface
Customisation available
Description of customisation
Although AJACO welcome buyers to solely request our services we are equally supportive of working collaboratively with other suppliers introduced by the Buyers to deliver their projects.

What can be customised?
Project duration, scope, content and AJACO's service lines can be customised with due notice in order for AJACO to adequately assess method of delivery of business requirements.

How user's can customise?
Users are able to customise our services based on their involvement and participation in trials. User's feedback, observations and recommendations are essential to ensuring all services are not only usable but establish a 'better-fit' to the business requirements being delivered.
Who can customise?
Buyers are able to change the scope of involvement and delivery of any project assigned to AJACO's services.


Independence of resources
It is paramount that the services we provide is of the highest quality and is not affected by the demand of other users. Regular internal quality reviews are carried out to ensure all risks and issues are identified and effectively communicated to the client.

Resourcing is maintained within the scope of AJACO's agreement with the client. Any external project or programme risk will be maintained by supporting the client by determining whether any external factors should be addressed by a separate agreement as agreed with the Client.

Prioritization of such risk will be progressed once agreed with the client.


Service usage metrics
Metrics types
All our consultants provide Highlight or Progress reports on a weekly basis. These reports document risks, issues, milestones achieved or pending, progress updates within the reporting period. Reports are provided in either Microsoft Word or Excel format.

In addition to weekly reports actual time burned is recorded, tracked and reported to the client. Reports are provided in Microsoft Excel format.

Quality reviews are carried out to ensure the service we provide is in line with client's expectations.
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Only approved users are able to export data and by following the relevant security guidance with respect to appropriate Security Marking, Government Clearance at the appropriate level and password protection. Data exports are upon request and upon strict security guidelines.
Data export formats
  • CSV
  • Other
Other data export formats
.XLSX (Excel format)
Data import formats
  • CSV
  • Other
Other data import formats
.XLSX (Excel format)

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
AJACO guarantee to provide Professional Quality Consultancy services. Our operating hours are Monday to Friday 9am to 6pm. Our SLA when dealing with any queries and issues outside of these times is within a timely manner and within a Professional Working Day. Timely manner would depend on the severity of the issue raised. A Severity 1 issue would result in a response within 2 hours of the issue being raised. However if the issue is raised outside of a Professional Working day a response will be returned by 9am the following business day. If we are unable to meet guaranteed levels of availability then we will compensate the client by providing an agreed amount of extended consultancy time at either a reduced or at no cost.
Approach to resilience
AJACO's approach to resilience is based on identifying levels of risk when faced with the likelihood of a disturbance, surprise or uncertainty with a service provided. AJACO encourages solution providers to ensure reliability and system resilience by introducing backup systems, mirrored hardware, load balancing, correctly scoped hardware and correctly configured software to maximise resilience and to prevent system hardware or software failure.

From a Testing and Test Support Services perspective AJACO ensure its services are resilient by ensuring consultants are equipped with correct resources in order to fulfill buyer objectives. AJACO also ensure consultants are able to be substituted subject to establishing a mutual agreement with the buyer, providing substituted consultants with a suitable project handover as required by both the buyer and the project(s) being affected,
Outage reporting
Outage reports are issued via email alerts, face to face notifications, remotely by telephone and via associated suppliers (where and as required by the buyer).

Identity and authentication

User authentication needed
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
Access restrictions in management interfaces and support channels would be approached by initially implementing protective marking and password protection if the nature of the the interfaces are documentation related. If system related then such systems would need to be restricted to specific end user groups, which include users who have the correct level of security clearance to access such information. Time restrictions must also be considered for system related interfaces. Such systems should be restricted to business hours where support is usually more readily available.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
All our Consultants either have Security Clearance (SC) or Developed Vetting (DV) level clearance. Where consultants on appointment fall shorty of SC clearance, SC clearance will be applied for as advised and supported by the client and in accordance to the security level they are to be exposed to.
Information security policies and processes
AJACO ensures that all consultants adhere to best practice, recognising information security practices as set or/and adhered by the buyer. All AJACO consultants apply the correct level of security control to their day to day activities in line with good practice and applicable regulation and legislation. All documentation is formatted, controlled and distributed in line with buyer requirements. AJACO carry out regular peer reviews to ensure compliance is regulated and monitored. Any issues of non-compliance, information risks or incidents are raised with the Buyer through an agreed escalation path and via the relevant Security departments as required. AJACO adheres to the following acts:

- HMG Security Policy Framework.
- ISO27001:2005 / ISO/IEC17799:2000. Information Technology – Information
- Security management systems requirements.
- ISO27002:2005. Code of practice for information security management systems.
- ISO27005:2008. Information Security Risk Management.
- Freedom of Information Act 2000.
- Data Protection Act 1998.
- Regulation of Investigatory Powers Act 2000.
- Computer Misuse Act 1990.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
1) Request for Change - clarifying objectives and goals.
2) Impact Analysis - identifying resources that will facilitate the process through to delivery and completion. To determine the level of buy-in from the client and all parties involved. To assess from respective Security and Information Assurance impact to the proposed change.
3) Approve / Deny
4) Implement Change - To involve all parties required to deliver.
5) Review / Reporting - To assess how successful the delivery was in line with the goals and objectives of the change.

To promote regular communication at all stages of the Change Management Process.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
All public service contract related information is either held on client provided devices or client shared drives. All secure information is maintained on client supplied equipment. These services are supported by client suppliers.

The only information held on AJACO specific devices are timesheet or audit information for the purpose of AJACO only,

As part of our services any vulnerabilities are reported immediately, captured on a RAID log recorded as part of our weekly reporting procedures. Such potential threats are obtained from public sector users of client services or from suppliers who are currently supporting client services.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
AJACO adheres to the buyer's business processes to oversee how products and services are used and also abused and in doing so:
a) seeks to adhere to and adopt an organisation-wide strategy
b) identify specifics as to how requirements will be delivered to each project
c) recognise and promote the value and benefits brought to the business
d) furnish the infrastructure needed to support requirements
e) ensure skilled consultants are able to adequately operate the infrastructure
f) to conduct reviews to ensure that the processes are performing to requirements
g) immediately report to the buyer any potential compromises identified
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
All incidents identified by AJACO, the buyers and supporting suppliers are maintained on a single spreadsheet clearly specifying the date identified, summary of issue, description, environmental condition, severity, priority, assignee and status. These incident reports are regularly communicated to all relevant parties within a project team and are reviewed internally within both AJACO, buyer and respective suppliers. All common events for example installation related are generally routed to Suppliers to resolve. User guidance notes are generally shared with the Communication Manager. All Severity 1 and 2 incidents are reported immediately to the assigned Project Managers appointed by the buyer

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£300 to £900 per person per day
Discount for educational organisations
Free trial available

Service documents

Return to top ↑