PMO as a Service
We provide hosting of Programme Management software as a platform for the running of a Programme Management office. This can be either integrated and used in conjunction with our systems PIM and AIM, or used with clients existing programmes such as Primavera and Jaspersoft
Features
- PMO Systems hosted on the cloud, no hardware required
- Primavera P6 Specialist
- Rapid and efficient deployment from AH consultants
- Seamless Organisation
- Better data consolidation and integration
- Combined Data Warehouse to provide single Source of the truth
- Fully scale-able to your changing needs
- Trusted API's for data transfer between source systems
- BI & Reporting tools including self service adhoc views
- High performance infrastructure
Benefits
- Managed service with detailed SLA for support and uptime
- Reduced costs from owning & maintaining hardware
- Improved infrastructure performance
- The latest versions of PMO Software
- The ability to utilise existing licences
- Full disaster recovery solution
- Experts on-hand assisting you setting up your PMO systems
- Utilisation of PIM System for your PMO Management
- Single provider looking after all of your PMO Systems
- Complete solution comprising hardware, software and consultancy
Pricing
£4,000 to £12,000 an instance a month
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
4 3 8 6 9 3 0 4 4 8 2 3 0 6 5
Contact
Asset Handling Ltd
Stephen Harrison
Telephone: 0845 075 5886
Email: stephen.harrison@assethandling.com
Service scope
- Service constraints
- No
- System requirements
- Internet Access
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Our SLA's are agreed on a customers requirements basis
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- We utilise Microsoft Teams
- Web chat accessibility testing
- We utilise webchat on a daily basis to support our users remotely
- Onsite support
- Yes, at extra cost
- Support levels
-
Support levels are agreed with client at the creation of the service level agreement and are dealt with by technical account managers and expert support assistants. Example support levels below;
Business Critical
Service unavailable for > 60 users
P1
30 mins - First response
4 hrs - Resolution
Mon - Fri 8am to 6pm
Service unavailable for > 30 users
P2
1 hr - First Response
6 hrs - Resolution
Mon - Fri 8am to 6pm
Service unavailable for < 5 users
P3
2 hr - First Response
8 hrs - Resolution
Mon - Fri 8am to 6pm
Business Non Critical
Service unavailable for 1 production user
P4
3 hrs - First Response
30 hrs - Resolution
Mon - Fri 8am to 6pm
User looking for information
P5
3 hrs - First Response
60 hrs - Resolution
Mon - Fri 8am to 6pm - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
We set up a PoC environment in AH Environment to allow testing and documenting of the migration process and benchmarking of both performance and security in the new hosted environment, with key activities summarised as:
Review and finalise the technical architecture against Primavera tested configuration and agree the planned configuration for the hardware and software required based on current load and expected capacity
Installation and configuration of Weblogic in AH environment
Installation and configuration of P6 EPPM in AH environment
Migration of Customer databases to AH environment
Configure database connections and authentication
Validation of existing interfaces and integration of P6 EPPM with external systems
System testing and preparation of UAT (user acceptance testing) and data validation scripts
Finalise build documentation to produce a complete set of systems manuals.
Production Migration Repeating Activities from the proof of concept, including any lessons learned.
Migrate production data and users out of hours and at a time to be confirmed, to minimise any impacts with business reporting.
Update cycles and to ensure a seamless transition to BAU activities for the Customer and partner project controllers accessing the current environment. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
-
Data can be provided in a number of formats depending on client requirements including:
- database export format
- flat file exports (CSV / XML / JSON)
- API exports - End-of-contract process
-
ETL and batch processes terminated.
Users deleted and data archived / destroyed depending on client requirements.
Additional cost if data extracts required in client specific format
Using the service
- Web browser interface
- Yes
- Using the web interface
- All hosted applications can be accessed via web
- Web interface accessibility standard
- WCAG 2.1 AAA
- Web interface accessibility testing
- Dependent on the hosted application
- API
- Yes
- What users can and can't do using the API
- Web services available for the hosted products where applicable
- API automation tools
- Terraform
- API documentation
- Yes
- API documentation formats
-
- HTML
- Command line interface
- No
Scaling
- Scaling available
- Yes
- Scaling type
- Automatic
- Independence of resources
- We have a scalable infrastructure, which allows us to increase storage space and processor power to the demand required with no physical hardware.
- Usage notifications
- Yes
- Usage reporting
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Reporting types
-
- Real-time dashboards
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
- Utilisation of Mirrored data centres with on demand DR
- Backup controls
- During the hosting set up users can define their own requirements
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Users contact the support team to schedule backups
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
Support levels are agreed with client at the creation of the service level agreement. Example support levels below;
Business Critical
Service unavailable for > 60 users
P1
30 mins - First response
4 hrs - Resolution
Mon - Fri 8am to 6pm
Service unavailable for > 30 users
P2
1 hr - First Response
6 hrs - Resolution
Mon - Fri 8am to 6pm
Service unavailable for < 5 users
P3
2 hr - First Response
8 hrs - Resolution
Mon - Fri 8am to 6pm
Business Non Critical
Service unavailable for 1 production user
P4
3 hrs - First Response
30 hrs - Resolution
Mon - Fri 8am to 6pm
User looking for information
P5
3 hrs - First Response
60 hrs - Resolution
Mon - Fri 8am to 6pm
Service Credits are available if guaranteed levels of availability are not reached, levels to be agreed with client upon creation of the service level agreement - Approach to resilience
- Available on request Asset Handling have a comprehensive Business Continuity and Disaster Recovery Plan with defined Event and Incident Management protocols. These alerts are categorized and prioritised based on the service impact: Critical, Major, Standard. Critical incidents have the greatest impact to service operations and represent service disruption. Any impact to service operations is processed as a “Critical” incident impact, with any platform ‘Critical’ incident impacting multiple customers initiating a critical continuity response. From initial detection of platform ‘Critical’ incidents, we would apply our continuity controls with a 4 hours RTO target to restore platform and service continuity. Throughout these activities our continuity response would provide service communications to clients.
- Outage reporting
- We alert users by email of any planned or unplanned down time which are included in SLA reporting to our customers.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
- Access restrictions in management interfaces and support channels
- Only director’s of the company have direct, and limited, access to our production environment, interfaces and support channels
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
- Devices users manage the service through
- Dedicated device on a segregated network (providers own provision)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- QMS International
- ISO/IEC 27001 accreditation date
- 27/02/2018
- What the ISO/IEC 27001 doesn’t cover
- Nothing
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Asset Handling have the following security policies and processes as part of ISO 27001: Information & Security policy , Data Attack Preparedness and Response process and Data Security Breach Incident Management policy
Incident response is conducted by the Directors of the company with input from other members of the technical team dependent on the type and scale of the issue with policies reviewed and testing completed annually, as a minimum.
As part of staff on-boarding, we educate staff of the importance of security measures and train them to respond to computer and network security incidents.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Our Software Development policy covers requirements analysis, systems development and change and release management including: 1 Major release every 2 years, up to 4 Minor releases per year with emergency fixes in between if required, all agreed with clients in advance.
Our change management process covers:
- Create request for change in CRM (RFC)
- Review / evaluate request for change
- Approve / Authorise / Reject change
- Coordinate change implementation
- Close change request
Our release management process covers:
- Build & test release
- User Acceptance Test
- Prepare and deploy release
- Update configuration management database - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- We have adopted a patching strategy where we will keep systems up to date with security patches and apply minor patches as required based on operational issues.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Regular testing is performed by accredited external consultants to deliver a programme of testing against our applications, covering:
• Any weaknesses that may be present which could be exploited by an attacker aiming to compromise Asset Handling systems and data
• Any threats facing Asset Handling information assets
• That Asset Handling's security expectations and requirements are being met.
• That a thorough and comprehensive penetration test has occurred.
• To adopt best practice
AH will analyse the weaknesses detected and evaluate the impact associated with each security weakness and implement any recommendations for mitigating the risks with the vulnerability. - Incident management type
- Supplier-defined controls
- Incident management approach
-
On a daily, weekly and monthly basis, health checks are run on the systems to ensure they are running as expected, including automated notifications.
Our incident reporting process is summarised as:
- Incidents are raised on the company service desk run (logged by phone / email)
- The incident is then assigned with an email sent directly to the client
- The incident log is updated with all actions
- At resolution, an email is sent that the incident has been resolved.
Monthly SLA reports are available covering service desk requests as well as availability summary reports.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- No
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
- Managed by third party
Social Value
- Fighting climate change
-
Fighting climate change
The remote nature of our SaaS products and PaaS platforms support working from home, reducing the need to travel to a workplace for both ourselves and our clients. - Covid-19 recovery
-
Covid-19 recovery
The nature of the business at Asset Handling has fully supported remote and hybrid working throughout the pandemic and will continue to do so moving forward. - Tackling economic inequality
-
Tackling economic inequality
Asset Handling is a growing business currently looking to recruit in areas such as development and sales. the award of future contracts would support the growth of the organisation and future employment opportunities within it. - Equal opportunity
-
Equal opportunity
Asset Handling employs a diverse workforce from a variety of different backgrounds, we believe in recruiting the right person for the role regardless of gender, race, belief system or disability. This is reflected in our Equal Opportunities Statement. - Wellbeing
-
Wellbeing
Asset Handling is committed to the health and wellbeing, both physical and mental of their employees. We foster a culture of openness in our organisation where all are comfortable expressing themselves and able to come forward when experiencing difficulties.
Pricing
- Price
- £4,000 to £12,000 an instance a month
- Discount for educational organisations
- No
- Free trial available
- No