Sandhill Consultants Ltd

Meisterplan

Meisterplan is a browser-based project portfolio and resource management system. With a simple, clear graphic interface, users can view, manage and model work demand against resource capacity. Balance demand for resources with capacity across all projects using this powerful yet easy to use Project Portfolio Management software.

Features

• Collect Demand information and align demand against business goals
• Collect Capacity information holding all organizations roles and resources
• Scenario Planning, model scenarios and develop forecasts
• Financials include costs for roles and resources
• Reporting export into excel and integrate with BI tools

Benefits

• Create appropriate portfolios for users to manage
• Map, manage your project pipeline and stage-gate or Agile processes
• Track delivery and milestone timelines for each project
• Create multiple Organisation Breakdown Structures applying work/people into structures
• Create and assign skills to resources
• Add instances of OpEx and/or CapEx to project timelines
• Group and manage financials by portfolio
• In-app pivot reporting

£540 a transaction a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrew.carter@sandhill.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

133657708057467

Contact

Andrew Carter
01476 568708
andrew.carter@sandhill.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Add on to Project Management and Portfolio Management tools such as Clarity, ServiceNow PPM, Planview Enterprise One, Planisware and Jira Align
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Web browser
• System requirements:
  • Processor (CPU): 4 (v)CPUs
  • Available memory (RAM): 32 GB
  • Available disc space (HDD): 60 GB
  • Email server with working SMTP login can be required

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The Supplier shall ensure, within the Primary Processing Time (from Monday to Friday from 09.00 – 17.00 CE(S)T) only, that fault rectification work shall begin within a period agreed below, based on the respective fault class defined below, following receipt of a report of a technical fault from the Customer by e-mail or support ticket ; ; In the case of faults reported outside the Primary Processing Time, the Response Time shall start next business day within the primary processing time.; ; Fault class: Response Time; Fault class 1: 4 hours; Fault class 2: 2 business days; Fault class 3: 5 business days
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: "Free of charge upgrades, bug issue resolution, provision of standard fixes and workarounds to known problems.; Meisterplan Help Center: https://help.meisterplan.com/hc/en-us; SLA:; https://meisterplan.com/trust-center/terms-of-service-eu/#mp-4-service-levels"
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Full education and training quick start programs and fully supported implementation project are offered
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Excel export
• End-of-contract process: "The Agreement shall have the minimum term as agreed in the Agreement and may not be the subject of ordinary termination prior to that point.; The Agreement shall be extended by further periods of the originally agreed term unless terminated by one of the Parties at the end of the minimum term or the extension period in question. When the contractual relationship ends, all the Customer’s rights to use the Application shall lapse. The Supplier shall delete the Customer’s Application Data no later than 30 days after the end of the Agreement."

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Browser based, easy to use, configurable user interface.
• Accessibility standards: None or don’t know
• Description of accessibility: You can check if Meisterplan services are operational by going to our status page at status.meisterplan.com. If there is a major incident, you can subscribe to get automated status updates until we fix the issue. Authentication/SAML - Shows if you can log into Meisterplan; Web Application - Shows if your Meisterplan system is operational; API/Mobile App/Integrations - Shows if our API, Mobile App and Integrations are operational; Subscription Management - Shows if you can access your subscription and purchase Meisterplan online
• Accessibility testing: Gain visibility into work managed in Jira; Create a long-term plan based on strategic initiatives, so that different teams can work towards a common goal; Your teams continue to work how they want - be it agile or waterfall, in MS Project, Trello or Jira, even if you have multiple teams working in multiple instances of Jira.; Always consider the availability and utilization of your employees so that you can make realistic forecasts and make sure nobody is overbooked; Create a common communication foundation, a single source of truth, for management and agile teams; Simulate what-if scenarios - how do changes affect the roadmap, for example, if you're hiring another development team?
• API: Yes
• What users can and can't do using the API: Create, read, update, delete objects (project, resources, financials, milestones, etc.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customisable user interface and partially customisable which data can be entered by customer

Scaling

• Independence of resources: Scalable (AWS EKS, RDS, Metrics)

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Meisterplan Software

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: The data is AES 256 encrypted via AWS encrypted EBS volumes, commonly referred to as at-rest-encryption.
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: "In order to import and export data with spreadsheets you will need Microsoft Excel for Windows. The following versions are supported:; ; Office 2016; Office 2019/365; Office 2021/365; Microsoft Excel for Mac is not supported."
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: "a)The Supplier shall make the Meisterplan Application available during the following System Runtime, with the exception of the agreed scheduled outage periods pursuant to Clause (2) below.; The “System Runtime” shall be 24 hours a day and 365 days a year.; b) The parties agree to the periods of available use. During this time, the longest uninterrupted downtime will not exceed 4 hours.; All times outside the Primary Processing Time are considered as Secondary Processing Time during which availability is not ensured. Primary Processing Time excludes Saturdays, Sundays, January 1 and December 25.; c) The Application will be deemed to be available during periods of time in which; The Application can't be accessed (or other faults exist) due to problems with the local IT system of the Customer, or in a fault in the Customer’s connection to the Server, or; other events occur, which are not caused by the Supplier or its agents, e.g., due to force majeure, abuse or operator error.; (2) Supplier may schedule outage periods in order to service and maintain the Application and/or Server, and other tasks. The Supplier will announce scheduled outages to the Customer no less than 7 days in advance at https://status.meisterplan.com.
• Approach to resilience: The Application and the data entered by the Customer into the Meisterplan Application is backed up regularly on the Server, at least once daily. RTO is 1 hour.
• Outage reporting: "Supplier may schedule outage periods in order to service and maintain the Application and/or Server, and to perform other tasks. The Supplier will announce scheduled outages to the Customer no less than 7 days in advance at https://status.meisterplan.com.; Even if the Customer is able to use the application during the scheduled outage period, it shall not be legally entitled to do so. If, during use of the Application during scheduled outage periods, there is a reduction in performance or suspension of performance, the Customer may not make a claim for liability for defects or for damages."

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: All user access to data processing equipment and systems is only possible via a user ID with password or via an SSO solution.; Access to the central customer management system is linked to the employee's user account via SSO.; Multi-factor protection is possible if your own IdP provides this option (via SAML)
• Access restrictions in management interfaces and support channels: Configurable via integrated user and group management in the application. This is a self service on the customer side. ; ; Operating side: all access to production infrastructure is logged; Critical systems always enforce Multifactor Authentication; Least privilege is the policy; Only few developers have access to production systems, operations team only, currently 5 developers.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Other
• Description of management access authentication: All user access to data processing equipment and systems is only possible via a user ID with password or via an SSO solution.; Access to the central customer management system is linked to the employee's user account via SSO.; Multi-factor protection is possible if your own IdP provides this option (via SAML)

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: TÜV SÜD Management Service GmbH
• ISO/IEC 27001 accreditation date: 25/08/2022
• What the ISO/IEC 27001 doesn’t cover: Meisterplan has been certified to ISO/IEC 27001:2017. Our control set also includes ISO 27017 (cloud based security) controls and ISO 27018 (data protection) controls.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: "1. Meisterplan has been certified to ISO/IEC 27001:2017. Our control set also includes ISO 27017 (cloud based security) controls and ISO 27018 (data protection) controls.; ; 2. Meisterplan Information Security Statement: https://meisterplan.com/trust-center/information-security-statement/; "

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: - Feature Requests via Ticketing Tool, ; - internal Development creation of JIRA Issues; - Prioritization via Product management; - Implementation ; - Code Review; - Testing on another Environment (Staging); - Deployment; - Release
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We scan the entire code base daily using a dependency checker and mitigate findings within a few days. ; External security experts carry out network and application penetration tests once a year in order to discover new threat vectors and security vulnerabilities and rectify them immediately.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Continuously evaluate security threats and implement updated countermeasures to prevent unauthorized access or unplanned downtime. Status and availability of the SaaS services can be viewed at any time. If the customer's data is affected, the customer is contacted. ; As part of our incident management process, a so-called post-incident report is created, which is used to track the incident and make improvements.; We proactively inform ourselves about current threats and subscribe to numerous security mailing lists.; Meisterplan is also certified according to ISO/IEC 27001:2013, whereby compliance with information security standards is monitored and verified by accredited auditors in annual surveillance audits.
• Incident management type: Supplier-defined controls
• Incident management approach: We continuously evaluate security threats update countermeasures to prevent unauthorized access or unplanned downtime. Status and availability of the SaaS services can be viewed at any time at status.meisterplan.com. If the customer's data is affected, the customer is informed. ; As part of our incident management process, a so-called post-incident report is created, which is used to track the incident.; Proactively informing ourselves about current threats and subscribe to numerous security mailing lists.; Meisterplan is certified to ISO/IEC 27001:2017, whereby compliance with information security standards is monitored and verified by accredited auditors in annual surveillance audits.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality

  Fighting climate change

  As a company Sandhill identify and implement activities to reduce emissions in the performance of contracts, such as improving energy efficiency, switching to renewable energy sources, reducing waste, water consumption, promoting low-carbon transport, and offsetting unavoidable emissions. ; ; We'll seek external verification and certification of our carbon reporting, where possible. ; ; Sandhill have committed to the following as part of their efforts toward fighting climate change. ; ; Environmental Awareness - POLICY STATEMENT ; It is the policy of Sandhill Consultants Limited (Sandhill) to minimise the potentially significant impacts of our operations and services on the environment. We will promote sustainability and environmental awareness at all levels of decision making. ; ; In defining our program of improved environmental performance and pollution reduction, Sandhill will: ; ; • Comply with the letter and spirit of all relevant environmental legislation. ; ; • Adopt a purchasing program that takes into account the environmental impact of products and services in areas of key concern. ; ; • Implement waste management strategies that promote waste minimisation, re-use, recovery and recycling where appropriate. Where these options are not available we will ensure that our waste is disposed of in a way that minimises its impact on the environment. ; ; • Promote efficient energy use in all areas of business activity. ; ; • Seek to manage and reduce internal and client-facing travel. ; ; • Ensure that our staff are aware of the environmental impacts of their work activities and encourage them through awareness raising and training to minimise those impacts. ; ; • Pursue a program of continuous improvement of our policies and practice. ; ; • Ensure that our policy is available for public review on request. ; ; This policy will be reviewed on a regular basis to evaluate continued relevance and to monitor compliance and in turn look to conform with ISO 14001. ; ; The Sandhill Policy Statement is signed off by Simon Carter, CEO.

  Tackling economic inequality

  Fostering wider diffusion of new technologies and building complementary capabilities in the workforce can deliver both stronger and more inclusive economic growth.; Technology offers opportunities for people to acquire new skills, engage in varied livelihoods, and participate in shaping cultural norms and democracy. Ensuring marginalized communities have the necessary skills, access, and tools is essential for inclusive growth. The Introduction of new software will offer potential opportunities for training and retraining and with the use of Meisterplan should result in more efficient use of resources, roles and people.

Pricing

• Price: £540 a transaction a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: The Customer has the opportunity to test the Meisterplan Application free of charge for a 30 day trial period. A trial version is not permitted to be used for normal business operations.; The Application Data shall be deleted automatically 30 days after the end of the trial phase.
• Link to free trial: https://meisterplan.com/explore/trial/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrew.carter@sandhill.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.