PM3
PM3 is a Project Portfolio Management tool (PPM) widely used in the NHS, Police, Councils and other public sector organisations. It is easy-to-use and has been designed by project management practitioners. PM3 functionality includes ‘top down’ planning, Gantt Charting, resource management, benefits management (CIPs), governance, project prioritisation, risk and issues.
Features
- Savings and benefits tracking
- Project and Programme Gateways
- Project Impact Assessments including QIA, EQIA and DPIA
- Resource and Capacity Management
- Timesheet management including utilisation tracking
- Risk, Assumptions, Issues, Dependencies and Decisions Log
- Project, Programme and Portfolio Accounting
- Project and Programme Plannning (top down and bottom-up)
- Actions Management and Alerting
- Project, Programme and Portfolio Dashboards & Reporting
Benefits
- Reduction of PMO time producing reports
- Reduction of Project Managers' time producing reports
- Dashboards are available in real-time saving time
- Early intervention on failing projects due to PM3 alerts
- Savings plans are accurate due to links to delivery plans
- Savings due to improved utilisation of resources
- Executives are more effective due to real-time information
- Promotion of milestones supports programme managers' decision making
- Gateway Management stops funding of projects with inadequate business cases.
- Improved decision making due to 'one version of the truth'
Pricing
£12 to £95 a licence a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
4 2 5 4 2 4 2 1 2 8 9 9 7 1 2
Contact
Bestoutcome
Wesley Oliver
Telephone: 01753 885864
Email: info@bestoutcome.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
-
To use PM3, all that is needed is a supported browser and a laptop or device that can access the internet. No other software or hardware is required.
Maintenance is performed out of hours so is not a constraint. - System requirements
-
- Supported Browsers
- Internet enabled device
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- We respond to questions typically within 15 minutes. At Weekends the response time is likley to be within 30 minutes.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Users can go on to our website and a zendesk chat window opens up and a support agent can then answer support requests
- Web chat accessibility testing
- None to date
- Onsite support
- Yes, at extra cost
- Support levels
- We provide Service Level Agreements as defined in the software contract. It is very rare for a client to require our technical team to attend their site to resolve technical issues, but we would charge for this service at rates shown in the Pricing Document. Every client has an Account Manager
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
We provide on-site and remote training, and on-line videos which can be watched on-demand. User Guides including a quick-start guide are provided, and the product has an extensive on-line Help system. We also provide support to the client for planning their PM3 implementation.
In 2022 we launched the on-line Learning Managment System (LMS) for PM3. - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
-
At the end of the contract users can extract their data in two ways:
1) We can provide a SQL Server Backup which the client's technical people can extract data from; and
2) Our BI plugin, datamart, can extract all project data easily into Excel, PowerBI or a range of BI tools - End-of-contract process
- There are no additional costs at the end of the contract. At the end of the contract a customer can extract their data using an Excel export of screens or from an SQL Server back-up and we would then decommission the service.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
PM3 can be used on most mobile devices. Typically, it is used on Android and IOS tablets.
There is no discernable difference in accessing PM3 on a desktop or mobile device but if you are entering significant amounts of data we recommend the desktop devices.
We also have an app, PM3Team, on the app store (Play and Apple) that users can use to carry out some PM3 functionality - typially this is used by team members - Service interface
- No
- User support accessibility
- None or don’t know
- API
- Yes
- What users can and can't do using the API
- PM3 Data is available for Management Information Analysis via SOAP and REST web services.
- API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Many of the fields in PM3 can be customised by the user. User profiles may also be customised by the user. For example, User Interace groups can be created allowing different users to have access to different screens.
PM3 has many configuration options that the customer can change. We can also offer a cutomised consulting support model if required.
Users can also create their own reports using PM3's report designer.
Virtually every screen in PM3 has the ability to be configured by the user
Scaling
- Independence of resources
- Usage of disk space and CPU are closely monitored. PM3 is installed on a virtual infrastructure allowing us to easily turn on more disk and CPU as needed.
Analytics
- Service usage metrics
- Yes
- Metrics types
- We can provide metrics on demand of uptime of our service, number of user log-ins and user time on the system. We can also provide an in-depth audit log on request.
- Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
We have an API whereby users can extract their data into Excel or into a range of BI tools including PowerBI, business Objects, etc.
We can also provide a SQL Server Backup which the client's technical people can extract data from. - Data export formats
- Other
- Other data export formats
-
- Excel
- PowerBI
- Almost any BI tool, e.g Tableau
- Data import formats
-
- CSV
- Other
- Other data import formats
- Excel (for some screens)
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
SLAs for availability are specified in the software licences contract, and are summarised below :
- Non-resilient option: 99.87% avail; fee credit – pro-rated unavailable time of monthly charge
- Resilient option: 99.9% avail; fee credit – 2% of monthly charge for each 90 minute period - Approach to resilience
- Our hosting supplier, Pulsant, has robust procedures in place that ensure system and data resilience. Pulsant is a level 4 data centre and we have a virtual stack for our PM3 infrastructure that is replicated at another Pulsant data centre. This virtual data centre will be activated in the event of a 'disaster' at the primary data centre. Further details of these procedures could be provided on request.
- Outage reporting
- We report any outages via e-mail alerts
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Bestoutcome holds ISO 27001 certification for the design, development and testing of software, including sales and support of licensed software. This certification includes independent verification that we operate effective and sufficient processes for restricting access in management interfaces and support channels. This includes physical separation of the client databases.
- Access restriction testing frequency
- At least once a year
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- The British Assessment Bureau
- ISO/IEC 27001 accreditation date
- 21/02/2022
- What the ISO/IEC 27001 doesn’t cover
- Bestoutcome holds ISO 27001 certification for the design, development and testing of software, including sales and support of licensed software. Anything else is excluded.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- Cyber Essentials
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- Cyber Essentials
- Information security policies and processes
-
Bestoutcome holds ISO 27001 certification for the design, development and testing of software, including sales and support of licensed software. This certification includes independent verification that we operate effective and sufficient processes for restricting access in management interfaces and support channels. This includes physical separation of the client databases.
We also have the Cyber Essentials accreditation.
We have a board member who is responsible for Security and we also have a Security Officer who reports to the Security Director.
A copy of our Information Security Management System can be provided on request.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
Bestoutcome holds ISO 27001 certification for the design, development and testing of software, including sales and support of licensed software.
This certification includes independent verification that our Configuration and Change Management processes and tools are effective and sufficient. We can provide full details on request, describing how we use SourceSafe for code and release management, Carbonite for backup and restore, and Vipre anti-virus software for malware protection - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Bestoutcome holds ISO 27001 certification for the design, development and testing of software, including sales and support of licensed software.
This certification includes independent verification that we have effective and sufficient processes in place for vulnerability management. Security Issues are treated as Incidents. Security Risks are recorded in the Risk Treatment Plan (which is part of our ISO 27001 certified Information Security Management System) and are managed through the monthly Management Reviews. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Bestoutcome holds ISO 27001 certification for the design, development and testing of software, including sales and support of licensed software.
This certification includes independent verification that we operate effective and sufficient processes for protective monitoring. Our ISP is responsible for monitoring of the live servers, and their systems include DNS and virus protection. As part of our ISO 27001 processes we regularly review the log files on the servers for irregularities, and take appropriate measures to log these Issues and resolve them - Incident management type
- Supplier-defined controls
- Incident management approach
- Bestoutcome holds ISO 27001 certification for the design, development and testing of software, including sales and support of licensed software. This certification includes independent verification that we operate effective and sufficient processes for incident management. Our Information Management Security System Policy includes the following statement “Any and all incidents must be reported immediately in the Information Security Officer. Incidents are recorded in the Issues Log. Bestoutcome’s primary goal is to re-establish secure access to the customer’s systems as rapidly as possible and ensure there is no loss of data or data integrity."
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- NHS Network (N3)
Social Value
- Fighting climate change
-
Fighting climate change
Wherever possible we consider climate change. For example, we have stopped travelling to clients by car and we do most interactions with our clients via Teams. If we have to visit a client we use public transport whenever possible. - Equal opportunity
-
Equal opportunity
BestOutcome is an equal opportunity employer. We have policies in our standard employee handbook and recruitment processes to ensure we follow equal opportunity principles. - Wellbeing
-
Wellbeing
Wellbeing is important for our staff and we have a number of policies that we follow that support our employees' well being. We provide health insurance for our employees and this affords our employees the right to speak to a mental health councillor. We also allow our employees to work from home when necessary and we strive to ensure that our employees all maintain a good work life balance.
Pricing
- Price
- £12 to £95 a licence a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Our free trial service is limited to 10 users and 2 months. We install a version of the software. We also provide training and support during the trial period.