Change and Transformation Services
AJACO are on point to provide Business Change Implementation Services to our Clients. Service lines supported include Portfolio and Programme Management, Project Management and Project Support, Contract and Financial Management. AJACO work in collaboration with all service providers and all levels of management to ensure projects are delivered.
- Programme and Project Planning
- Programme and Project Reporting
- Programme and Project Delivery
- Portfolio Management
- Project Support
- Communications Management
- Effective Programme and Project Management leading to successful delivery
- Effective Programme and Project Support leading to successful delivery
- Effective and Reliable Communications within Project Teams and end users
- Effective Change Management which manages reactions to cultural change
- Effective and Proactive Collaboration with Suppliers
£300 to £900 per person per day
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
- Modern Slavery statement
|Software add-on or extension||No|
|Cloud deployment model||
|Service constraints||Our services do not have any constraints.|
|Email or online ticketing support||Yes, at extra cost|
|Support response times||Response times are the same at weekends. Response times are between 9am to 5pm Saturday and Sunday. Support outside of these times are possible but at a mutually agreed cost.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AAA|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
The following support levels are provided:
Account Manager - £900 per day (regularity to be mutually agreed with Client)
Programme Manager - £850 per day
Senior Project Manager - £780 per day
Project Manager - £725 per day
Communications Manager - £600 per day
Project Management Office Support - £520 per day
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||All Software or Systems delivered as part of the services we provide to our client are supported by End User Guidance and Frequently Answered Questions documentation. In addition to this documentation AJACO would encourage End User Communications to compliment any such documentation produced by AJACO.|
|End-of-contract data extraction||At the end of the contract AJACO produce a report in Microsoft Excel, listing all costs incurred on a month by month basis including a total amount incurred as a result of providing services to the client. AJACO also report what was originally agreed with the client, communicating the variance (both positive or negative). At the end of each month (in arrears) AJACO produce an equivalent report and on this basis are able to provide forecasts based on current programme and project status.|
|End-of-contract process||At the end of the Contract, all reports including completion statements and a Lessons Learned report are produced within the price of the contract. This also includes to the transition of any services to Business As Usual including the migration of all users so long at these activities fall within the agreed contract period. Subject to Client agreement AJACO would submit a follow on Memorandum of Understanding to support any future work subject to Commercial, Portfolio and Programme management approval.|
Using the service
|Web browser interface||No|
|Application to install||No|
|Designed for use on mobile devices||No|
|Description of customisation||
Although AJACO welcome buyers to solely request our services we are equally supportive of working collaboratively with other suppliers introduced by the Buyers to deliver their projects.
What can be customised?
Project duration, scope, content and AJACO's service lines can be customised with due notice in order for AJACO to adequately assess method of delivery of business requirements.
How user's can customise?
Users are able to customise our services based on their involvement and participation in trials. User's feedback, observations and recommendations are essential to ensuring all services are not only usable but establish a 'better-fit' to the business requirements being delivered.
Who can customise?
Buyers are able to change the scope of involvement and delivery of any project assigned to AJACO's services.
|Independence of resources||
It is paramount that the services we provide is of the highest quality and is not affected by the demand of other users. Regular internal quality reviews are carried out to ensure all risks and issues are identified and effectively communicated to the client.
Resourcing is maintained within the scope of AJACO's agreement with the client. Any external project or programme risk will be maintained by supporting the client by determining whether any external factors should be addressed by a separate agreement as agreed with the Client.
Prioritization of such risk will be progressed once agreed with the client.
|Service usage metrics||Yes|
All our consultants provide Highlight or Progress reports on a weekly basis. These reports document risks, issues, milestones achieved or pending, progress updates within the reporting period. Reports are provided in either Microsoft Word or Excel format.
In addition to weekly reports actual time burned is recorded, tracked and reported to the client. Reports are provided in Microsoft Excel format.
Quality reviews are carried out to ensure the service we provide is in line with client's expectations.
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Encryption of all physical media|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||Only approved users are able to export data and by following the relevant security guidance with respect to appropriate Security Marking, Government Clearance at the appropriate level and password protection. Data exports are upon request and upon strict security guidelines.|
|Data export formats||
|Other data export formats||.XLSX (Excel format)|
|Data import formats||
|Other data import formats||.XLSX (Excel format)|
|Data protection between buyer and supplier networks||Private network or public sector network|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||AJACO guarantee to provide Professional Quality Consultancy services. Our operating hours are Monday to Friday 9am to 6pm. Our SLA when dealing with any queries and issues outside of these times is within a timely manner and within a Professional Working Day. Timely manner would depend on the severity of the issue raised. A Severity 1 issue would result in a response within 2 hours of the issue being raised. However if the issue is raised outside of a Professional Working day a response will be returned by 9am the following business day. If we are unable to meet guaranteed levels of availability then we will compensate the client by providing an agreed amount of extended consultancy time at either a reduced or at no cost.|
|Approach to resilience||
AJACO's approach to resilience is based on identifying levels of risk when faced with the likelihood of a disturbance, surprise or uncertainty with a service provided. AJACO encourages solution providers to ensure reliability and system resilience by introducing backup systems, mirrored hardware, load balancing, correctly scoped hardware and correctly configured software to maximise resilience and to prevent system hardware or software failure.
From a Testing and Test Support Services perspective AJACO ensure its services are resilient by ensuring consultants are equipped with correct resources in order to fulfill buyer objectives. AJACO also ensure consultants are able to be substituted subject to establishing a mutual agreement with the buyer, providing substituted consultants with a suitable project handover as required by both the buyer and the project(s) being affected,
|Outage reporting||Outage reports are issued via email alerts, face to face notifications, remotely by telephone and via associated suppliers (where and as required by the buyer).|
Identity and authentication
|User authentication needed||Yes|
|User authentication||2-factor authentication|
|Access restrictions in management interfaces and support channels||Access restrictions in management interfaces and support channels would be approached by initially implementing protective marking and password protection if the nature of the the interfaces are documentation related. If system related then such systems would need to be restricted to specific end user groups, which include users who have the correct level of security clearance to access such information. Time restrictions must also be considered for system related interfaces. Such systems should be restricted to business hours where support is usually more readily available.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||Between 6 months and 12 months|
|Access to supplier activity audit information||Users receive audit information on a regular basis|
|How long supplier audit data is stored for||Between 6 months and 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||All our Consultants either have Security Clearance (SC) or Developed Vetting (DV) level clearance. Where consultants on appointment fall shorty of SC clearance, SC clearance will be applied for as advised and supported by the client and in accordance to the security level they are to be exposed to.|
|Information security policies and processes||
AJACO ensures that all consultants adhere to best practice, recognising information security practices as set or/and adhered by the buyer. All AJACO consultants apply the correct level of security control to their day to day activities in line with good practice and applicable regulation and legislation. All documentation is formatted, controlled and distributed in line with buyer requirements. AJACO carry out regular peer reviews to ensure compliance is regulated and monitored. Any issues of non-compliance, information risks or incidents are raised with the Buyer through an agreed escalation path and via the relevant Security departments as required. AJACO adheres to the following acts:
- HMG Security Policy Framework.
- ISO27001:2005 / ISO/IEC17799:2000. Information Technology – Information
- Security management systems requirements.
- ISO27002:2005. Code of practice for information security management systems.
- ISO27005:2008. Information Security Risk Management.
- Freedom of Information Act 2000.
- Data Protection Act 1998.
- Regulation of Investigatory Powers Act 2000.
- Computer Misuse Act 1990.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
1) Request for Change - clarifying objectives and goals.
2) Impact Analysis - identifying resources that will facilitate the process through to delivery and completion. To determine the level of buy-in from the client and all parties involved. To assess from respective Security and Information Assurance impact to the proposed change.
3) Approve / Deny
4) Implement Change - To involve all parties required to deliver.
5) Review / Reporting - To assess how successful the delivery was in line with the goals and objectives of the change.
To promote regular communication at all stages of the Change Management Process.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
All public service contract related information is either held on client provided devices or client shared drives. All secure information is maintained on client supplied equipment. These services are supported by client suppliers.
The only information held on AJACO specific devices are timesheet or audit information for the purpose of AJACO only,
As part of our services any vulnerabilities are reported immediately, captured on a RAID log recorded as part of our weekly reporting procedures. Such potential threats are obtained from public sector users of client services or from suppliers who are currently supporting client services.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
AJACO adheres to the buyer's business processes to oversee how products and services are used and also abused and in doing so:
a) seeks to adhere to and adopt an organisation-wide strategy
b) identify specifics as to how requirements will be delivered to each project
c) recognise and promote the value and benefits brought to the business
d) furnish the infrastructure needed to support requirements
e) ensure skilled consultants are able to adequately operate the infrastructure
f) to conduct reviews to ensure that the processes are performing to requirements
g) immediately report to the buyer any potential compromises identified
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||All incidents identified by AJACO, the buyers and supporting suppliers are maintained on a single spreadsheet clearly specifying the date identified, summary of issue, description, environmental condition, severity, priority, assignee and status. These incident reports are regularly communicated to all relevant parties within a project team and are reviewed internally within both AJACO, buyer and respective suppliers. All common events for example installation related are generally routed to Suppliers to resolve. User guidance notes are generally shared with the Communication Manager. All Severity 1 and 2 incidents are reported immediately to the assigned Project Managers appointed by the buyer|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£300 to £900 per person per day|
|Discount for educational organisations||No|
|Free trial available||No|