Corporate Project Solutions

OnePlan Portfolio Management OnePlan.ai

Leverage OnePlan’s strategic project portfolio management solutions to align your project investments with business objectives efficiently. Our service offers intuitive tools for resource management, financial tracking, and real-time analytics, all integrated into your existing workflows. Optimize decision-making and maximize ROI with expert guidance and continuous support. PPM!

Features

• Strategic Planning
• Portfolio Management
• Financial Management
• Resource Management
• Risk Management
• Collaboration Tools
• Real-time Analytics
• Integration Capabilities
• Agile and Waterfall Methodologies
• Change Management

Benefits

• Enhances alignment between projects and strategic goals.
• Provides comprehensive portfolio oversight.
• Improves budget accuracy and financial control.
• Optimizes resource allocation and management.
• Mitigates risks effectively through proactive management.
• Facilitates seamless team collaboration and communication.
• Delivers real-time insights for better decision-making.
• Ensures smooth integrations with existing systems.
• Work how you want to work Agile + Waterfall
• Manages project changes efficiently, maintaining goal alignment.

£20 a licence a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@cps.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

319847576831309

Contact

Sales Administration
01628 321321
sales@cps.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Usual constraints of planned maintenance that is communicated to you
• System requirements:
  • Internet connection
  • OnePlan license
  • Web browser

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: 1hr response M-F 0900-1700; Priority 1 call only at the weekend with 3 hr response time
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: Microsoft Teams
• Onsite support: Yes, at extra cost
• Support levels: CPS offer two levels of support: Level 1 - Reactive Support - Something goes wrong and the customer calls or emails for help. Level 2 - Managed Service - We monitor the environment and carry out proactive maintenance of the solution. A dedicated Managed Service team runs Managed Services. As part of this service CPS assign a Cloud Support Engineer. Level 1 and Level 2 have Technical Account Managers assigned as standard.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Remote or onsite consulting
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Via reports and data extracts to Excel and downloading content e.g. Word files; OData - extracting PO data to a Microsoft Excel spreadsheet and saving project plans in Microsoft Project
• End-of-contract process: Data is stored in MIcrosoft Azure. If the Service is terminated, Microsoft will reatina access to the data for 90 days (the retention period) and then all data will be deleted from all of their servers

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Smaller screen less access to all functionality. ; Use case is for task updates
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: https://my.oneplan.ai/ApiHelp; The following APIs are available for use with your OnePlan instance. To use these APIs you will need to generate an integration key found in your OnePlan Config or login as a user.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Create own views, fields, filters and reports.

Scaling

• Independence of resources: Microsoft Azure employs a variety of strategies and technologies to ensure that the demand placed by some users does not adversely affect others. These are designed to maintain performance and availability across its services, despite the multi-tenant nature of cloud computing. ; ; Physical and Logical Isolation; Auto-Scaling; Elastic Services; Traffic Manager and Load Balancers; Built-In Throttling Mechanisms; Fair Usage Policies; Traffic Prioritization; Service Tiers; Advanced Monitoring Tools; Predictive Analytics; Geographic Distribution; Redundancy; Governance and Compliance; Quotas

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: OnePlan

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can use OData to extract or import their data. Out of the box SharePoint allows export of all information to Excel. Pcubed could also develop specific reports relating to more detailed information and saving project plans in Microsoft Project.; Data is stored in SQL database and any application compliant with SQL can be used.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XLSX
  • MPP
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XLSX
  • MPP

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: For data at rest, the service deploys BitLocker with AES 256-bit encryption on servers that hold all messaging data, including email and IM conversations, as well as content stored in SharePoint Online, Azure and the Dataverse. BitLocker volume encryption addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers and disks. Your organization’s files are distributed across multiple Azure Storage containers, each with separate credentials, rather than storing them in a single database.

Availability and resilience

• Guaranteed availability: If the OnePlan Service does not achieve 99.95% uptime, OnePlan will provide Customer with a 100x Service Credit (as defined below), pursuant to the provisions, requirements, and limitations of this SLA.
• Approach to resilience: OnePlan’s products are hosted in Microsoft Azure. Azure infrastructure is resilient to attack, safeguards user access to the Azure environment, and helps keep data secure through encrypted communications as well as threat management and mitigation practices, including regular penetration testing.
• Outage reporting: Outages both planned and un-planned are notified by email to registered owners of the solution. Planned outages can also be notified in the service itself; ; Every OnePlan service is monitored 24 hours a day, 7 days a week, 365 days a year using monitoring services provided by Microsoft Azure. The following services are monitored:; ; PING; Static HTTP; Processor and Memory Usage; Hard Disk Usage; If a test fails, a monitoring notification is generated immediately. All notifications are sent directly to the OnePlan network operations team. OnePlan applies the following intervention timeframes after a monitoring alarm for all shared servers:; ; Five (5) minutes after alarm during business hours, 8:00 a.m.-6:00 p.m. (PST) Monday to Friday, US statutory holidays excluded.; Thirty (30) minutes after alarm outside of normal business hours.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Other
• Other user authentication: Microsoft 365 Entra AAD
• Access restrictions in management interfaces and support channels: Access can be restricted based on the role of the user (administrator, team member with edit right, or only viewer).; In addition, if the user does not have a user account, they are restricted from the service.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Citation ISO Certification
• ISO/IEC 27001 accreditation date: 21/01/2023
• What the ISO/IEC 27001 doesn’t cover: It does not cover any OnePlan specific elements of the overall solution
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Microsoft Solutions Partner | Security

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: OnePlan is a Office 365 / Azure app. The app is installed in your Microsoft work management cloud experience. It uses the standard O365 app model. This means that authentication is all handled through your AD / AAD and follows all of your policies inherently.; ; The app is hosted in Azure and therefore has high availability and adheres to security best practices and certification requirements.; ; Data Tracking; ; OnePlan allows for tracking more data than what is stored in Office 365 (for example, high level resource planning info) and therefore does store some data. This data is also stored in Azure (Cosmos DB).; ; A “service account” is needed if connecting to a work management platform. The account will need admin access to the work management platform its connected to. The stored account credentials are encrypted using Azure Key Vault.; ; Encryption; ; All data is encrypted on transit via SSL using Digicert certificates (TLS 1.2). API keys / token based methods are used instead of user names and passwords where supported.; ; https://media.screensteps.com/attachment_assets/assets/003/951/583/original/OnePlan_Systems_Architecture_2020.11.25.pdf; ; Azure has a variety of certifications and is very secure. You can access more info here: https://www.microsoft.com/en-us/trustcenter/security/azure-security; ; View Microsoft SOC reports here: https://www.microsoft.com/en-us/trustcenter/compliance/soc

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Any bug fix is implemented into OnePlan QA environment and tested thoroughly using standard regression testing before being pushed into Production. This includes security testing; All client environments use code from OnePlan’s cloud-based Production environment.; Microsoft conducts regular penetration testing to improve Azure security controls and processes. In addition, OnePlan performs their own penetration testing and code scans before and after every production update
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Every OnePlan service is monitored 24 hours a day, 7 days a week, 365 days a year using monitoring services provided by Microsoft Azure. The following services are monitored:;  PING; Static HTTP; Processor and Memory Usage; Hard Disk Usage; If a test fails, OnePlan applies the following escalation:; Within 5 minutes during business hours, 8:00 a.m.-6:00 p.m. (PST) Monday to Friday or 30 minutes at other times; ; Azure uses integrated deployment systems to manage the distribution and installation of security updates for Microsoft software to help protect systems from unknown vulnerabilities
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Monitoring and logging: Centralized monitoring, correlation, and analysis systems manage the large amount of information generated by devices within the Azure environment, providing continuous visibility and timely alerts to the teams that manage the service. See Azure infrastructure monitoring.; ; Update management: Azure uses integrated deployment systems to manage the distribution and installation of security updates for Microsoft software to help protect systems from unknown vulnerabilities.; ; Antivirius: Azure software components must go through a virus scan before deployment; ; Penetration testing: Microsoft conducts regular penetration testing to improve Azure security controls and processes.
• Incident management type: Supplier-defined controls
• Incident management approach: Configuration, incident response and protective monitoring are all demonstrated in Microsoft’s compliance with the ISO-27001 information security standard.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At CPS, we take our environmental impact seriously. We are measuring and reducing our carbon emissions and have set a progressive target to reduce emissions 50% by 2030 and achieve Net Zero by 2050. This involves the continuation of various measures and activities, already being implemented and embraced by our people, for example: the continued maintenance of our ISO:14001 accreditation, meetings via Microsoft Teams, a “Think Local” approach to sourcing quality suppliers, the implementation of an electric vehicle scheme and cycle to work programme, and maintaining a paperless office. Moving forward, our commitment to reduced carbon emissions will continue to grow with the implementation of further measures such as: the introduction of a Sustainable Travel Policy to support employee behavioural change to business travel, commuting and parking, introducing a remote working policy alongside the reduction of office space to encourage remote working and reduce travel to office, and the roll out of carbon training to all our colleagues.

  Covid-19 recovery

  As CPS navigates the post-pandemic era, we remain committed to bolstering the UK's economic revival and ensuring the well-being of our employees. Our procurement strategy prioritises UK-based suppliers, circulating capital within the local economy. To accommodate the new normal, we've reimagined our workspace design, focusing on flexible environments that foster collaboration and innovation while ensuring safety. We've enhanced our mental health support programs, acknowledging the profound impact COVID-19 has had on mental well-being. Additionally, our professional development initiatives have been recalibrated to equip our workforce with the skills necessary for a digital-first economy, thereby ensuring their growth and adaptability. By implementing remote working options, we are sustaining productivity and contributing to reducing commuter congestion, supporting a greener economy. Our approach is holistic – we are enhancing our business operations and nurturing our workforce to be stronger, resilient, and future-ready.

  Tackling economic inequality

  CPS champions economic equality by considering local employment alongside UK wide recruitment, helping communities in our local areas, while fostering equitable growth. Our apprenticeship schemes unlock career opportunities, offering hands-on experience that cultivates skilled professionals across diverse socio-economic backgrounds. Alongside this, our graduate programmes are designed to nurture emerging talent, providing the essential tools for success in a dynamic marketplace. These initiatives stand at the core of our commitment to inclusivity, propelling opportunity and progression as shared values within our society. Through these efforts, CPS asserts its role as a responsible corporate citizen, actively shaping a more equitable and balanced economy.

  Equal opportunity

  CPS steadfastly upholds an inclusive work environment, endorsing equal opportunity and safeguarding against all forms of unlawful discrimination — whether based on ethnicity, gender, pregnancy, marital status, gender identity, disability, faith, age, or sexual orientation. Our policy is designed to dismantle any prejudiced practices, fostering an ethos where diversity is not only respected but is integral to our collective success. Our aim extends beyond our internal operations to ensure equitable access to our services and products for all clients and customers, affirming our belief in respect and dignity for every individual we engage with. In alignment with our Data Protection Policy, we manage all personal data with the utmost integrity. The goals of this policy are clear: to eradicate discrimination, ensuring compliance with the Equality Act 2010. We are committed to fair practices in all HR processes, from hiring to promotion, and from professional development to compensation. Decisions are based solely on individual ability, achievements, expertise, and efficiency. This commitment reflects our ongoing dedication to meritocracy and the fair treatment of all employees and stakeholders in line with the most current UK government guidelines.

  Wellbeing

  CPS is at the forefront of championing the health and wellbeing of our team, underscoring the significance of both physical and mental health across all levels of our operations. Our commitment to fostering a positive workplace culture is evident in our modern, flexible working strategies. These include: - Hybrid working models, which empower our employees to deliver exceptional results from any location within the UK, harnessing the benefits of both office-based and remote working to enhance productivity and work-life balance. - The implementation of a 9-day working fortnight, offering our staff a well-deserved break every second Friday, ensuring rest and recuperation which is integral to sustained performance and employee satisfaction. - Comprehensive healthcare provisions that encompass mental health support, reflecting our recognition of the importance of holistic health for our staff's overall wellbeing. These measures are part of our continuous effort to adapt to the evolving work landscape, reinforcing our dedication to the prosperity and resilience of our employees and, by extension, the organisations we serve.

Pricing

• Price: £20 a licence a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Full function; Limited time - 7 days (extensible)
• Link to free trial: https://oneplan.ai/trial/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@cps.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.