UPLAND SOFTWARE UK LIMITED

PowerSteering

PowerSteering offers best of breed Portfolio Management Software and best practices to manage Investment Programs, CapEx, M&A programmes, IT/Enterprise PMOs, New Product Development, and Operational Excellence programmes. As a complete solution, we provide comprehensive customer implementation, training, ongoing support, upgrades, maintenance, integration and consulting services.

Features

• Business & IT Project Programme/Portfolio Management (PMO)
• New Product Development
• Continuous Improvement
• Six Sigma & Lean Six Sigma
• Strategy Deployment
• Application Portfolio Management
• Idea & Demand Management
• SSO & Dell Boomi Integration
• Mergers & Acquisition Project Management
• Project & Portfolio Financial Tracking/Management

Benefits

• Application Portfolio Management
• Decrease Project Cycle Time
• Automate reporting cycle, decreasing report preparation time
• Align project/work to strategic objectives
• Tracking & Visbility of KPIs/Measures that drive strategic objectives
• Monitor and capture project financials (budget/actual/benefits)
• Gate enforcement of end-to-end project governance
• Gate enforcement of end-to-end project governance

£50 to £1,000 a licence

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@uplandsoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

487599938083740

Contact

Heather Babington
0161-362-6518
gcloud@uplandsoftware.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: N/A
• System requirements:
  • Internet Browser
  • Broadband Internet connectivity

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority 1 queries: 1 hour; Priority 2 queries: 4 hours; Priority 3 queries: 24 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard: Business hours support (email/portal), Community portal access, Critical Support Response time = 1 business Hr; ; Plus: After hours support = 24/5 Critical Support Response time = 1 Hr (24/5), Named CSM Provided , Annual Health Check, priority for tickets; ; Enterprise: After hours support = 24/7 Critical Support Response time = 30 mins (24/7), Named CSM Provided , Semi - Annual Health Check, priority for tickets, Customer advisory board
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Upland Software provides complete implementation, training, ongoing support, upgrades, maintenance, and consulting services. There is a range of local and remote post-implementation support and consulting services available to you.; ; Upland Professional Services will complete the implementation process so the customer is enabled and trained to support future configuration effort themselves. This is configuration of the tool’s inherent functionality through the GUI menus and options – and not customising source code. The initial implementation workshops will focus on the business architecture and analysis that must proceed any ‘configuration clicking’ in the user interface.; ; Training options; ; Upland Software offers a comprehensive range of training options tailored to fit each customer's specific needs and for each of our solutions offerings. Choose from instructor-led classes, simulations and train-the-trainer programmes — delivered in-person, remotely, or via computer-based training. Training will take place during the implementation for system admins and then formal sessions will be held for specific roles once the configuration is fully defined. Train the trainer is the preferred approach for end users – this ensures that you the customer is the ultimate owner of your tool.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Users are always able to extract data at any time. There are a number of ways to extract data, through API, CSV, templates and reports. On contract end Upland will provide a number of data options including a database copy.
• End-of-contract process: Data extract that requires no statement of work is included. Additional work will require a statement of work.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None (full, responsive HTML5 supported).
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: PowerSteering supports integrations via the Dell Boomi IPaaS platform.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Client select power users to be trained as administrators. These administrators have access to an administrative panel within PowerSteering. All administration and configuration is achieved through the same browser interface that is used by end users. All screens, forms, reports, views are configured through the browser interface. No coding knowledge or skill is needed to perform configurations within PowerSteering.

Scaling

• Independence of resources: PowerSteering is a standard 3-tier application with Web, Application and Database tiers. Each tier can be scaled horizontally and vertically. Customer data is segregated in individual database instances; however, we put multiple customers on each of our application and database servers. We are a multi-tenant system to capitalize on the economies of scale for resources and ongoing operational maintenance.; ; Additionally, PowerSteering utilizes Amazon Web Services (AWS) for hosting (Infrastructure-as-a-Service) to ensure the high-level application performance needs of our global customer base are fulfilled.

Analytics

• Service usage metrics: Yes
• Metrics types: Uptime, full support ticket information, development information.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Many areas of PowerSteering that provide summations of data (e.g., Visual Portals, Dashboards, drill-through reports) can be exported in a variety of common formats (e.g., PDF, Word, HTML, Excel, etc.). PowerSteering has the ability to generate a full data export in any format preferred (e.g. Excel) delivered on a pre-defined schedule. This can be delivered any day or timeframe as needed. Other options are available.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Word
  • XLS
  • PDF
  • HTML
  • PPT
  • XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Word
  • XLS
  • PDF
  • HTML
  • PPT
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Software Availability;; The periods of time that the Application is Available for use by the Customer not including scheduled downtime. “Availability” or “Available” means that an Authorized User can log in and access the Application.; ; Available in all material respects 99.5% average over a month (calculated on a 24 x 7 x 365 basis, other than Scheduled Downtime and other than any period of downtime that lasts 5 continuous minutes or less).
• Approach to resilience: Available on request
• Outage reporting: Customer Portal ; E-mail alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: PowerSteering will create either an encrypted LDAP connection to SAML 2.0 compliant identity federation solution (e.g., Active Directory), or will create a dedicated VPN connection between PowerSteering and the customer. Once we have a connection, PowerSteering will send an on-demand request with the required authenticating information from our application server. If the end users' credentials are valid, they will then be granted access. If the credentials are not valid we deny access. This request is in real-time, therefore if an employee is disabled at 11:30, at 11:31 if they attempt to access, they will be denied.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • SSAE 16 SOC 2 Type II / ISAE 3402
  • Privacy Shield

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Upland Software’s product lines are accredited or follow best practices as defined by various bodies in relation to their standards and procedures. These include, but are not limited to: ; ++ SSAE-16 / ISAE 3402 ; ++ SOC 2 ; ++ Privacy Shield
• Information security policies and processes: Upland’s security framework is based on the ISO 27001 framework. On an annual basis, Upland PowerSteering is SSAE16 SOC1 Type II / ISAE 3402 audited, and as of 2016, SOC 2 audited as well. Upland has a VP of Security and Compliance who has remit and resources to ensure all information security policies are maintained.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: PowerSteering has a formal change and patch management process for dissemination into production environments. The process involves the development of features/enhancements, unit testing, building and hardening, and then full regression testing in a QA environment prior to production deployment. Controls are in place to ensure that our production environment is only accessible by certain key employees as part of the production roll-out process or for troubleshooting. We schedule change and patch deployments to occur off business hours/days and include checks on build procedures and validations to ensure successful deployments.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Upland participates in the following security forums and professional associations: SANS, insecure.org, w3.org, cert.org, and securityfocus.com. Additionally, alerts are sent to us from Microsoft and Adobe security departments, and we receive alerts from the 3rd party organization conducting our quarterly vulnerability scans and 24x7 monitoring services. ; ; We receive alerts via Microsoft on software and OS updates/patches. We use Microsoft Server Update Service (WSUS) to deploy and manage security patch updates. ; Patches are tested prior to installation. We make every attempt to install critical security patches as soon as possible while ensuring compatibility and testing requirements are met.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Upland’s Security Organization performs monitoring activities in order to continuously assess the quality of internal control over time. These activities are used to initiate corrective action through department meetings, client conference calls, and informal notifications. Management performs monitoring activities on a continuous basis, taking necessary actions as required to correct deviations from company policy and procedures.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Upland Software manages incidents by identifying and responding to them quickly, notifying key support and management personnel in a timely manner, restoring service as soon as possible, determining the cause of the incident, and taking appropriate steps to prevent future incidents. Our incident management process also allows us to quickly notify external organizations that may have been affected by an incident, including customers and partners. We employ internal and external ; monitoring systems that periodically verify the state of each Upland cloud-based software product.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Our commitment to diversity, equity, and inclusion At Upland, we recognize the importance of diversity, equity, and inclusion for our team members, our customers, and the communities which they represent. We are committed to educating ourselves and doing the necessary work so we can identify opportunities to create impact where it matters most to our team members and to build a richer sense of community for all. Because at the end of the day we want everyone to feel seen, respected, and heard.

Pricing

• Price: £50 to £1,000 a licence
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@uplandsoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.