Change and Transformation Services

AJACO are on point to provide Business Change Implementation Services to our Clients. Service lines supported include Portfolio and Programme Management, Project Management and Project Support, Contract and Financial Management. AJACO work in collaboration with all service providers and all levels of management to ensure projects are delivered.


  • Programme and Project Planning
  • Programme and Project Reporting
  • Programme and Project Delivery
  • Portfolio Management
  • Project Support
  • Communications Management


  • Effective Programme and Project Management leading to successful delivery
  • Effective Programme and Project Support leading to successful delivery
  • Effective and Reliable Communications within Project Teams and end users
  • Effective Change Management which manages reactions to cultural change
  • Effective and Proactive Collaboration with Suppliers

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints Our services do not have any constraints.
System requirements
  • Provision of Software license to use Microsoft Project
  • Provision of Software license to use Microsoft Visio
  • Provision of Software license to Microsoft Office Products

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Response times are the same at weekends. Response times are between 9am to 5pm Saturday and Sunday. Support outside of these times are possible but at a mutually agreed cost.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AAA
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels The following support levels are provided:

Account Manager - £900 per day (regularity to be mutually agreed with Client)
Programme Manager - £850 per day
Senior Project Manager - £780 per day
Project Manager - £725 per day
Communications Manager - £600 per day
Project Management Office Support - £520 per day
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started All Software or Systems delivered as part of the services we provide to our client are supported by End User Guidance and Frequently Answered Questions documentation. In addition to this documentation AJACO would encourage End User Communications to compliment any such documentation produced by AJACO.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction At the end of the contract AJACO produce a report in Microsoft Excel, listing all costs incurred on a month by month basis including a total amount incurred as a result of providing services to the client. AJACO also report what was originally agreed with the client, communicating the variance (both positive or negative). At the end of each month (in arrears) AJACO produce an equivalent report and on this basis are able to provide forecasts based on current programme and project status.
End-of-contract process At the end of the Contract, all reports including completion statements and a Lessons Learned report are produced within the price of the contract. This also includes to the transition of any services to Business As Usual including the migration of all users so long at these activities fall within the agreed contract period. Subject to Client agreement AJACO would submit a follow on Memorandum of Understanding to support any future work subject to Commercial, Portfolio and Programme management approval.

Using the service

Using the service
Web browser interface No
Application to install No
Designed for use on mobile devices No
Service interface No
Customisation available Yes
Description of customisation Although AJACO welcome buyers to solely request our services we are equally supportive of working collaboratively with other suppliers introduced by the Buyers to deliver their projects.

What can be customised?
Project duration, scope, content and AJACO's service lines can be customised with due notice in order for AJACO to adequately assess method of delivery of business requirements.

How user's can customise?
Users are able to customise our services based on their involvement and participation in trials. User's feedback, observations and recommendations are essential to ensuring all services are not only usable but establish a 'better-fit' to the business requirements being delivered.
Who can customise?
Buyers are able to change the scope of involvement and delivery of any project assigned to AJACO's services.


Independence of resources It is paramount that the services we provide is of the highest quality and is not affected by the demand of other users. Regular internal quality reviews are carried out to ensure all risks and issues are identified and effectively communicated to the client.

Resourcing is maintained within the scope of AJACO's agreement with the client. Any external project or programme risk will be maintained by supporting the client by determining whether any external factors should be addressed by a separate agreement as agreed with the Client.

Prioritization of such risk will be progressed once agreed with the client.


Service usage metrics Yes
Metrics types All our consultants provide Highlight or Progress reports on a weekly basis. These reports document risks, issues, milestones achieved or pending, progress updates within the reporting period. Reports are provided in either Microsoft Word or Excel format.

In addition to weekly reports actual time burned is recorded, tracked and reported to the client. Reports are provided in Microsoft Excel format.

Quality reviews are carried out to ensure the service we provide is in line with client's expectations.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Only approved users are able to export data and by following the relevant security guidance with respect to appropriate Security Marking, Government Clearance at the appropriate level and password protection. Data exports are upon request and upon strict security guidelines.
Data export formats
  • CSV
  • Other
Other data export formats .XLSX (Excel format)
Data import formats
  • CSV
  • Other
Other data import formats .XLSX (Excel format)

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability AJACO guarantee to provide Professional Quality Consultancy services. Our operating hours are Monday to Friday 9am to 6pm. Our SLA when dealing with any queries and issues outside of these times is within a timely manner and within a Professional Working Day. Timely manner would depend on the severity of the issue raised. A Severity 1 issue would result in a response within 2 hours of the issue being raised. However if the issue is raised outside of a Professional Working day a response will be returned by 9am the following business day. If we are unable to meet guaranteed levels of availability then we will compensate the client by providing an agreed amount of extended consultancy time at either a reduced or at no cost.
Approach to resilience AJACO's approach to resilience is based on identifying levels of risk when faced with the likelihood of a disturbance, surprise or uncertainty with a service provided. AJACO encourages solution providers to ensure reliability and system resilience by introducing backup systems, mirrored hardware, load balancing, correctly scoped hardware and correctly configured software to maximise resilience and to prevent system hardware or software failure.

From a Testing and Test Support Services perspective AJACO ensure its services are resilient by ensuring consultants are equipped with correct resources in order to fulfill buyer objectives. AJACO also ensure consultants are able to be substituted subject to establishing a mutual agreement with the buyer, providing substituted consultants with a suitable project handover as required by both the buyer and the project(s) being affected,
Outage reporting Outage reports are issued via email alerts, face to face notifications, remotely by telephone and via associated suppliers (where and as required by the buyer).

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Access restrictions in management interfaces and support channels would be approached by initially implementing protective marking and password protection if the nature of the the interfaces are documentation related. If system related then such systems would need to be restricted to specific end user groups, which include users who have the correct level of security clearance to access such information. Time restrictions must also be considered for system related interfaces. Such systems should be restricted to business hours where support is usually more readily available.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach All our Consultants either have Security Clearance (SC) or Developed Vetting (DV) level clearance. Where consultants on appointment fall shorty of SC clearance, SC clearance will be applied for as advised and supported by the client and in accordance to the security level they are to be exposed to.
Information security policies and processes AJACO ensures that all consultants adhere to best practice, recognising information security practices as set or/and adhered by the buyer. All AJACO consultants apply the correct level of security control to their day to day activities in line with good practice and applicable regulation and legislation. All documentation is formatted, controlled and distributed in line with buyer requirements. AJACO carry out regular peer reviews to ensure compliance is regulated and monitored. Any issues of non-compliance, information risks or incidents are raised with the Buyer through an agreed escalation path and via the relevant Security departments as required. AJACO adheres to the following acts:

- HMG Security Policy Framework.
- ISO27001:2005 / ISO/IEC17799:2000. Information Technology – Information
- Security management systems requirements.
- ISO27002:2005. Code of practice for information security management systems.
- ISO27005:2008. Information Security Risk Management.
- Freedom of Information Act 2000.
- Data Protection Act 1998.
- Regulation of Investigatory Powers Act 2000.
- Computer Misuse Act 1990.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach 1) Request for Change - clarifying objectives and goals.
2) Impact Analysis - identifying resources that will facilitate the process through to delivery and completion. To determine the level of buy-in from the client and all parties involved. To assess from respective Security and Information Assurance impact to the proposed change.
3) Approve / Deny
4) Implement Change - To involve all parties required to deliver.
5) Review / Reporting - To assess how successful the delivery was in line with the goals and objectives of the change.

To promote regular communication at all stages of the Change Management Process.
Vulnerability management type Supplier-defined controls
Vulnerability management approach All public service contract related information is either held on client provided devices or client shared drives. All secure information is maintained on client supplied equipment. These services are supported by client suppliers.

The only information held on AJACO specific devices are timesheet or audit information for the purpose of AJACO only,

As part of our services any vulnerabilities are reported immediately, captured on a RAID log recorded as part of our weekly reporting procedures. Such potential threats are obtained from public sector users of client services or from suppliers who are currently supporting client services.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach AJACO adheres to the buyer's business processes to oversee how products and services are used and also abused and in doing so:
a) seeks to adhere to and adopt an organisation-wide strategy
b) identify specifics as to how requirements will be delivered to each project
c) recognise and promote the value and benefits brought to the business
d) furnish the infrastructure needed to support requirements
e) ensure skilled consultants are able to adequately operate the infrastructure
f) to conduct reviews to ensure that the processes are performing to requirements
g) immediately report to the buyer any potential compromises identified
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach All incidents identified by AJACO, the buyers and supporting suppliers are maintained on a single spreadsheet clearly specifying the date identified, summary of issue, description, environmental condition, severity, priority, assignee and status. These incident reports are regularly communicated to all relevant parties within a project team and are reviewed internally within both AJACO, buyer and respective suppliers. All common events for example installation related are generally routed to Suppliers to resolve. User guidance notes are generally shared with the Communication Manager. All Severity 1 and 2 incidents are reported immediately to the assigned Project Managers appointed by the buyer

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £300 to £900 per person per day
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑