Skip to main content

Help us improve the Digital Marketplace - send your feedback

Asset Handling Ltd

PMO as a Service

We provide hosting of Programme Management software as a platform for the running of a Programme Management office. This can be either integrated and used in conjunction with our systems PIM and AIM, or used with clients existing programmes such as Primavera and Jaspersoft

Features

  • PMO Systems hosted on the cloud, no hardware required
  • Primavera P6 Specialist
  • Rapid and efficient deployment from AH consultants
  • Seamless Organisation
  • Better data consolidation and integration
  • Combined Data Warehouse to provide single Source of the truth
  • Fully scale-able to your changing needs
  • Trusted API's for data transfer between source systems
  • BI & Reporting tools including self service adhoc views
  • High performance infrastructure

Benefits

  • Managed service with detailed SLA for support and uptime
  • Reduced costs from owning & maintaining hardware
  • Improved infrastructure performance
  • The latest versions of PMO Software
  • The ability to utilise existing licences
  • Full disaster recovery solution
  • Experts on-hand assisting you setting up your PMO systems
  • Utilisation of PIM System for your PMO Management
  • Single provider looking after all of your PMO Systems
  • Complete solution comprising hardware, software and consultancy

Pricing

£4,000 to £12,000 an instance a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stephen.harrison@assethandling.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

4 3 8 6 9 3 0 4 4 8 2 3 0 6 5

Contact

Asset Handling Ltd Stephen Harrison
Telephone: 0845 075 5886
Email: stephen.harrison@assethandling.com

Service scope

Service constraints
No
System requirements
Internet Access

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our SLA's are agreed on a customers requirements basis
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
We utilise Microsoft Teams
Web chat accessibility testing
We utilise webchat on a daily basis to support our users remotely
Onsite support
Yes, at extra cost
Support levels
Support levels are agreed with client at the creation of the service level agreement and are dealt with by technical account managers and expert support assistants. Example support levels below;
Business Critical
Service unavailable for > 60 users
P1
30 mins - First response
4 hrs - Resolution
Mon - Fri 8am to 6pm
Service unavailable for > 30 users
P2
1 hr - First Response
6 hrs - Resolution
Mon - Fri 8am to 6pm
Service unavailable for < 5 users
P3
2 hr - First Response
8 hrs - Resolution
Mon - Fri 8am to 6pm
Business Non Critical
Service unavailable for 1 production user
P4
3 hrs - First Response
30 hrs - Resolution
Mon - Fri 8am to 6pm
User looking for information
P5
3 hrs - First Response
60 hrs - Resolution
Mon - Fri 8am to 6pm
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We set up a PoC environment in AH Environment to allow testing and documenting of the migration process and benchmarking of both performance and security in the new hosted environment, with key activities summarised as:

Review and finalise the technical architecture against Primavera tested configuration and agree the planned configuration for the hardware and software required based on current load and expected capacity
Installation and configuration of Weblogic in AH environment
Installation and configuration of P6 EPPM in AH environment
Migration of Customer databases to AH environment
Configure database connections and authentication
Validation of existing interfaces and integration of P6 EPPM with external systems
System testing and preparation of UAT (user acceptance testing) and data validation scripts
Finalise build documentation to produce a complete set of systems manuals.
Production Migration Repeating Activities from the proof of concept, including any lessons learned.
Migrate production data and users out of hours and at a time to be confirmed, to minimise any impacts with business reporting.
Update cycles and to ensure a seamless transition to BAU activities for the Customer and partner project controllers accessing the current environment.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data can be provided in a number of formats depending on client requirements including:
- database export format
- flat file exports (CSV / XML / JSON)
- API exports
End-of-contract process
ETL and batch processes terminated.
Users deleted and data archived / destroyed depending on client requirements.
Additional cost if data extracts required in client specific format

Using the service

Web browser interface
Yes
Using the web interface
All hosted applications can be accessed via web
Web interface accessibility standard
WCAG 2.1 AAA
Web interface accessibility testing
Dependent on the hosted application
API
Yes
What users can and can't do using the API
Web services available for the hosted products where applicable
API automation tools
Terraform
API documentation
Yes
API documentation formats
  • HTML
  • PDF
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Automatic
Independence of resources
We have a scalable infrastructure, which allows us to increase storage space and processor power to the demand required with no physical hardware.
Usage notifications
Yes
Usage reporting
Email

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
Utilisation of Mirrored data centres with on demand DR
Backup controls
During the hosting set up users can define their own requirements
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Support levels are agreed with client at the creation of the service level agreement. Example support levels below;
Business Critical
Service unavailable for > 60 users
P1
30 mins - First response
4 hrs - Resolution
Mon - Fri 8am to 6pm
Service unavailable for > 30 users
P2
1 hr - First Response
6 hrs - Resolution
Mon - Fri 8am to 6pm
Service unavailable for < 5 users
P3
2 hr - First Response
8 hrs - Resolution
Mon - Fri 8am to 6pm
Business Non Critical
Service unavailable for 1 production user
P4
3 hrs - First Response
30 hrs - Resolution
Mon - Fri 8am to 6pm
User looking for information
P5
3 hrs - First Response
60 hrs - Resolution
Mon - Fri 8am to 6pm
Service Credits are available if guaranteed levels of availability are not reached, levels to be agreed with client upon creation of the service level agreement
Approach to resilience
Available on request Asset Handling have a comprehensive Business Continuity and Disaster Recovery Plan with defined Event and Incident Management protocols. These alerts are categorized and prioritised based on the service impact: Critical, Major, Standard. Critical incidents have the greatest impact to service operations and represent service disruption. Any impact to service operations is processed as a “Critical” incident impact, with any platform ‘Critical’ incident impacting multiple customers initiating a critical continuity response. From initial detection of platform ‘Critical’ incidents, we would apply our continuity controls with a 4 hours RTO target to restore platform and service continuity. Throughout these activities our continuity response would provide service communications to clients.
Outage reporting
We alert users by email of any planned or unplanned down time which are included in SLA reporting to our customers.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Only director’s of the company have direct, and limited, access to our production environment, interfaces and support channels
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Devices users manage the service through
Dedicated device on a segregated network (providers own provision)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS International
ISO/IEC 27001 accreditation date
27/02/2018
What the ISO/IEC 27001 doesn’t cover
Nothing
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Asset Handling have the following security policies and processes as part of ISO 27001: Information & Security policy , Data Attack Preparedness and Response process and Data Security Breach Incident Management policy
Incident response is conducted by the Directors of the company with input from other members of the technical team dependent on the type and scale of the issue with policies reviewed and testing completed annually, as a minimum.
As part of staff on-boarding, we educate staff of the importance of security measures and train them to respond to computer and network security incidents.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our Software Development policy covers requirements analysis, systems development and change and release management including: 1 Major release every 2 years, up to 4 Minor releases per year with emergency fixes in between if required, all agreed with clients in advance.
Our change management process covers:
- Create request for change in CRM (RFC)
- Review / evaluate request for change
- Approve / Authorise / Reject change
- Coordinate change implementation
- Close change request
Our release management process covers:
- Build & test release
- User Acceptance Test
- Prepare and deploy release
- Update configuration management database
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We have adopted a patching strategy where we will keep systems up to date with security patches and apply minor patches as required based on operational issues.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Regular testing is performed by accredited external consultants to deliver a programme of testing against our applications, covering:
• Any weaknesses that may be present which could be exploited by an attacker aiming to compromise Asset Handling systems and data
• Any threats facing Asset Handling information assets
• That Asset Handling's security expectations and requirements are being met.
• That a thorough and comprehensive penetration test has occurred.
• To adopt best practice
AH will analyse the weaknesses detected and evaluate the impact associated with each security weakness and implement any recommendations for mitigating the risks with the vulnerability.
Incident management type
Supplier-defined controls
Incident management approach
On a daily, weekly and monthly basis, health checks are run on the systems to ensure they are running as expected, including automated notifications.

Our incident reporting process is summarised as:

- Incidents are raised on the company service desk run (logged by phone / email)
- The incident is then assigned with an email sent directly to the client
- The incident log is updated with all actions
- At resolution, an email is sent that the incident has been resolved.

Monthly SLA reports are available covering service desk requests as well as availability summary reports.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
No

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Managed by third party

Social Value

Fighting climate change

Fighting climate change

The remote nature of our SaaS products and PaaS platforms support working from home, reducing the need to travel to a workplace for both ourselves and our clients.
Covid-19 recovery

Covid-19 recovery

The nature of the business at Asset Handling has fully supported remote and hybrid working throughout the pandemic and will continue to do so moving forward.
Tackling economic inequality

Tackling economic inequality

Asset Handling is a growing business currently looking to recruit in areas such as development and sales. the award of future contracts would support the growth of the organisation and future employment opportunities within it.
Equal opportunity

Equal opportunity

Asset Handling employs a diverse workforce from a variety of different backgrounds, we believe in recruiting the right person for the role regardless of gender, race, belief system or disability. This is reflected in our Equal Opportunities Statement.
Wellbeing

Wellbeing

Asset Handling is committed to the health and wellbeing, both physical and mental of their employees. We foster a culture of openness in our organisation where all are comfortable expressing themselves and able to come forward when experiencing difficulties.

Pricing

Price
£4,000 to £12,000 an instance a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stephen.harrison@assethandling.com. Tell them what format you need. It will help if you say what assistive technology you use.