Program Planning Professionals Ltd (t/a MI-GSO | PCUBED)

Microsoft Planner - for project and programme management

Microsoft Planner is a cloud-based work and project management and is part of the Microsoft Project product family. It provides simple, powerful work management capabilities and can be used by project managers and team members to plan and manage work of any size.

Features

• Single location for project, programme and project financial management
• "Out of the box" configuration
• Waterfall and Agile task management, including task assignments and dependencies.
• Idea / Request management and Portfolio alignment
• Risks, Issues and Changes defined and configurable.
• Fully integrated with Microsoft PowerBI (reports) and Power Automate (workflow)
• Data stored in the Microsoft Dataverse
• Some Microsoft Project data can be loaded from Microsoft Project
• Extensible via custom code in Microsoft Power Apps.
• Integrates with Project Home and Project Roadmap

Benefits

• Consistency from a single, cloud-based PPM solution.
• Comprehensive insight over projects, programmes, resources, and financial management.
• Versatility by defining and tracking both waterfall and agile projects.
• Leverages existing Microsoft capability e.g. Teams, Roadmap.
• "Out of the box" configuration provides rapid deployment.
• Flexibility and ease of use drives rapid adoption.
• Low cost and rapid value delivery drive early benefit realisation.
• Improved insights and understanding via Microsoft PowerBI.
• Reduces costs using ability to streamline resource allocation.
• Improved collaboration from integration with Teams.

£5.30 to £41.50 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk.info@migso-pcubed.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

194568486396857

Contact

Mark Sorrell
020 7462 0100
uk.info@migso-pcubed.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: There are no other foreseeable constraints to the Services (e.g. maintenance windows, level of customisation permitted, schedule for deprecation of functionality/features etc.)
• System requirements:
  • Microsoft Edge, Chrome, Firefox, Safari
  • The consumer must have the ability to access internet
  • Log in accounts (licences)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Microsoft do not provide a service level agreement for email response
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: Microsoft recognise 4 severity levels:; Severity 1; Urgent - A full system outage, the system is not working and this is affecting all users. ; Severity 2; High - A major element of either the Microsoft PPM / EPM is not working at all and affecting all / nearly all users or the production of business critical reports.; Severity 3; Normal - A single or small element of the Microsoft PPM / EPM solution is not working and affecting a number of users or multiple teams.; Severity 4; Low -There is a problem which is affecting limited numbers of users or a less frequent part of the solution or regular reports.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Microsoft do not provide such support but MIGSO-PCUBED can deliver this via their PPM Deployment Services
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Data can be extracted via any Dataverse supported applications. But the data is stored within the client's own architecture and so the end of contract will simply mean the the application is no longer supported
• End-of-contract process: At the end of contract each organisation can decide to remove the capability to use the application from their solution. All data remains, the only impact is the lack of application availability. There are no costs associated with this.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: The Web API implements the OData (Open Data Protocol), version 4.0, an OASIS standard for building and consuming RESTful APIs over rich data sources.; ; Further details can be found here: https://docs.microsoft.com/en-us/power-apps/developer/data-platform/webapi/get-started-dynamics-365-web-api-csharp; ; The OData API provides read only access for reporting and provides a rich level of data fro reporting.; ; The REST API can be accessed by e.g., Microsoft Power Apps and this can be used to create ne w data tables, new fields in tables and new or updated values for fields.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: There is a limited level of configuration within the solution. This is available only for uses with correct permissions. Additional capability and data stores can be defined by using code e.g. via Microsoft Power Apps.

Scaling

• Independence of resources: Data and application is part of the client Dataverse and are isolated as per the service contract with Microsoft for this

Analytics

• Service usage metrics: Yes
• Metrics types: Please see the Business admins section found here https://support.office.com/en-gb/article/Activity-Reports-in-the-Office-365-admin-center-0d6dfb17-8582-4172-a9a9-aed798150263
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
• Other data at rest protection approach: Dataverse databases use SQL TDE (Transparent Data Encryption, compliant with FIPS 140-2) to provide real-time I/O encryption and decryption data and log files for data encryption at-rest. Azure Storage Encryption is used for data at rest stored in the Azure Blob Storage, encrypted and decrypted transparently using 256-bit AES encryption compliant with FIPS 140-2.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can use OData to extract their data e.g. via a Microsoft PowerBI report. Some data can be accessed via Microsoft Excel. As the data is stored in the client Dataverse any other supported technology can be made available
• Data export formats:
  • CSV
  • Other
• Other data export formats: XLSX
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • MPP file for data load
  • XLSX

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Microsoft supports versions 1.0, 1.1, and 1.2 of the Transport Layer Security (TLS) protocol. This protocol is an industry standard designed to protect the privacy of information communicated over the Internet. TLS assumes that a connection-oriented transport, typically TCP, is in use. The TLS protocol allows client/server applications to detect the following security risks:; • Message tampering; • Message interception; • Message forgery; ; For further information, please refer to: https://msdn.microsoft.com/en-us/library/windows/desktop/aa380516(v=vs.85).aspx

Availability and resilience

• Guaranteed availability: Microsoft provides a contractually backed SLA to a minimum of 99.9%. ; Backup, disaster recovery and resilience plan in place
• Approach to resilience: Microsoft Data Loss Prevention (DLP) protects sensitive information across devices, cloud services, and on-premises. Data Loss Prevention policies are fundamental to an enterprise’s security model.; ; Microsoft services have been designed around five specific resiliency principles: ; ; There is critical and non-critical data. Non-critical data can be dropped in rare failure scenarios. Critical data should be protected at extreme cost. As a design goal, delivered mail messages are always critical, and things like whether or not a message has been read is noncritical. ; ; - Copies of customer data must be separated into different fault zones or as many fault domains as possible (e.g., datacentres, accessible by single credentials (process, server, or operator)) to provide failure isolation. ; ; - Critical customer data must be monitored for failing any part of Atomicity, Consistency, Isolation, Durability (ACID). ; ; - Customer data must be protected from corruption. It must be actively scanned or monitored, repairable, and recoverable. ; ; - Most data loss results from customer actions, so allow customers to recover on their own using a GUI that enables them to restore accidentally deleted items.; ; - Backup, disaster recovery and resilience plan in place
• Outage reporting: Microsoft Health Status can be checked here: https://status.cloud.microsoft/; ; The Microsoft 365 Admin Center is updated when service issues are preventing tenant administrators from accessing Service health in the Microsoft 365 admin center. (https://portal.office.com/adminportal/home?#/servicehealth). Alternatively, customers can reference https://www.twitter.com/MSFT365Status for additional insights into widespread, active incidents.; The Power Platform Admin Center (https://admin.powerplatform.microsoft.com/home) is updated when service issues are preventing tenant administrators from accessing the Power Platform admin center to view Service health status .Alternatively, customers can navigate to the M365 admin center to view the Service health status for the Power Platform services and Dynamics 365 applications.; The Microsoft Azure component (https://azure.status.microsoft/en-gb/status) identifies any existing Azure issues.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Other
• Other user authentication: User access to interfaces is made possible with a user account: O365 account.; Without having the O365 account, users cannot gain access to the service.; Access to the service is limited to authenticated and authorised users. ; Usernames and password control remain under the buyers control.
• Access restrictions in management interfaces and support channels: Access can be restricted based on the role of the user / licence purchased ; In addition, if the user does not have a O365 licence, they are restricted from the service.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman & Company
• ISO/IEC 27001 accreditation date: 3/1/22
• What the ISO/IEC 27001 doesn’t cover: None
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 19/06/2020
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: None
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • EU Model Clauses
  • ISO 27018
  • SOC 1, SOC 2
  • FIPS 140-2
  • HIPAA/HITECH
  • CCSL (IRAP)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: FISMA/FedRamp, ; EU Model Clauses, ; HIPAA/HITECH, ; ISB 1596, ; ISO 27018, ; SASE16 SOC1 & SOC 2

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402.; The service has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1/SOC 2, NIST 800-53, and others. ; Microsoft also uses Operational Security Assurance (OSA), a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft. OSA combines this knowledge with experience of running hundreds of thousands of servers in datacentres around the world.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Configuration, change management, incident response and protective monitoring are all demonstrated in Microsoft’s compliance with the ISO-27001 information security standard.; In addition to Microsoft’s ISO-27001 compliance, and their use of independent 3rd party penetration tests, they operate an assumed breach model and use active red-team penetration testing and vulnerability management as part of their Operational Security Assurance (OSA).
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Configuration, change management, incident response and protective monitoring are all demonstrated in Microsoft’s compliance with the ISO-27001 information security standard.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Configuration, incident response and protective monitoring are all demonstrated in Microsoft’s compliance with the ISO-27001 information security standard.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  MIGSO-PCUBED understands the importance of the Nation fighting climate change, and we have incorporated the guidance within CCS PPN 06/20 in our work. We have an active Deliver Green Together Community of Purpose (DGT CoP). Their scope includes ensuring our business is keeping pace with the sustainability agenda both internally by reducing our impact on the environment, and externally by assisting in sustainable projects and influencing client's sustainability considerations.; MIGSO-PCUBED services and products are focused on building, maintaining, extending and ensuring the success of cloud-based solutions. These solutions, when deployed successfully, provide the support and collaboration required for successful project delivery to be undertaken remotely. This implicitly reduces the need for face-to-face meetings and reduces individual and organisational carbon footprints. The availability of digital reporting, the enhanced user interfaces also reduces, ideally to zero, the need for any paper reporting.

  Covid-19 recovery

  MIGSO-PCUBED understands the importance of the Nation recovering from Covid-19, and we have incorporated the guidance within CCS PPN 06/20 in our work. However, since 2022 we have subsumed this theme into the four other themes.

  Tackling economic inequality

  MIGSO-PCUBED understands the importance of the Nation tackling economic inequality, and we have incorporated the guidance within CCS PPN 06/20 in our work. We have an active Equity, Diversity and Inclusion Community of Purpose (EDI CoP) with a number of related Affinity groups that contribute to our work in this area. Examples include our MPower Apprentice Programme and the opening of our Hubs in Birmingham and Manchester.; MIGSO-PCUBED services and products are focused on building, maintaining, extending and ensuring the success of cloud-based solutions. These solutions, when deployed successfully, increase the ability of everyone associated with the delivery of a project to work from any location, and potentially in any time-zone. This flexibility allows the users of any solution to be located anywhere with minimal cost to participate, removing a barrier to users needing to be based in areas of high economic wealth or for individual users to require a significant level of investment before they can be included.

  Equal opportunity

  MIGSO-PCUBED understands the importance of the Nation having equal opportunities, and we have incorporated the guidance within CCS PPN 06/20 in our work. We have an active Equity, Diversity and Inclusion Community of Purpose (EDI CoP) with a number of related Affinity groups that contribute to our work in this area. We strive to shape and nurture a culture where everyone is valued; where inclusiveness is a reflex, not an initiative and where EDI underpins our values and everything we do. Internal initiative examples include launching a reverse mentoring scheme and we are in our fifth year of supporting the 30% Club.; MIGSO-PCUBED services and products are focused on building, maintaining, extending and ensuring the success of cloud-based solutions. These solutions, when deployed successfully, have no weighting that favours or disadvantages any sector of possible users. There is no discrimination of or restrictive element which could apply to anyone regardless of age, gender, sexuality or religion.

  Wellbeing

  MIGSO-PCUBED understands the importance of the Nation being a healthy nation and we have incorporated the guidance within CCS PPN 06/20 in our work. We have an active Wellbeing Community of Purpose (CoP). We want to bring wellbeing to the top of everyone's agenda and contribute to a culture that prioritises the support of our people, encouraging them to nurture their own and others’ health. Over 140 UK consultants have attended a mental health awareness course and we have over 10 mental health First-Aiders.; MIGSO-PCUBED services and products are focused on building, maintaining, extending and ensuring the success of cloud-based solutions. These solutions, when deployed successfully, increase the ability of everyone associated with the delivery of a project to work flexibly in terms of both hours and location. This provides the ability for everyone to adapt their working style to fit closer to their ideal work-life balance which contributes to an individual’s wellbeing.

Pricing

• Price: £5.30 to £41.50 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: 30 Day Trial of Office 365

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk.info@migso-pcubed.com. Tell them what format you need. It will help if you say what assistive technology you use.