Contract and Project Management System - CPMS
CPMS is a virtual office for modern organisations. It offers a common workspace containing documents, deliverables, communications and procedures related to contracts. CPMS is tailored to public organisation requirements for contract management and supplier performance, allowing concurrent management of multiple contracts/suppliers. CPMS manages documents, projects, calendars, meetings, KPIs/costs and reporting.
Features
- Document management
- Contract management
- Project Management
- Supplier performance monitoring
- Reporting
- Calendar and meetings
- Red-Amber-Green supplier monitoring dashboard
Benefits
- Modular, standards-based design
- Integration options with standards-based e-Procurement systems like e-PPS
- Competitive pricing
Pricing
£850 an instance a month
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
6 8 0 5 8 4 2 8 2 9 4 0 3 9 6
Contact
EUROPEAN DYNAMICS UK LTD
Panagiotis Rentzepopoulos
Telephone: 020 34118309
Email: ibd-uk@eurodyn.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- None
- System requirements
-
- Internet connection
- Reasonably recent version of web browser
- JavaScript enabled
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
User support operates on working hours during workdays. The response to questions depends on their criticality and varies between 2 hours for major incidents to 2 working days for cosmetics. Different service metrics are possible based on specific SLAs.
Response times are the same at weekends is the SLA requires so. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Different options are available. Complete information can be found in the pricing document.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- The service setup includes the provision of standard electronic support material in the form of online documentation. Additional training may also be ordered.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Data can be extracted through normal Service operation at any time. Bulk data transfer may be arranged at the end of the term if required.
- End-of-contract process
-
The “off boarding” phase follows an established procedure that provides assurance to both the Customer and the Service Provider that all service aspects will be addressed. Such aspects may include (depending on the Customer’s service set up):
• Access rights: ensure that all access rights are revoked or restored to the state before the service commenced.
• Customer-supplied data: ensure that all information uploaded or stored with the system is handled in line with the Customer requirements (deleted or returned to the Customer).
• Supplier-uploaded information: ensure that all information entrusted with the system by suppliers is managed in line with the contractual and legal requirements in effect.
• System-generated data: ensure that all information related to the Customer will be made available for retrieval. Such information may include audit trails, event characteristics, etc.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The service uses responsive design as much as possible, which ensures an easy to use interface dynamically matching the display of the user's device.
- Service interface
- No
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- API
- No
- Customisation available
- Yes
- Description of customisation
- During the Service setup phase, buyers are able to select customisation options that will be implemented by the service provider. Additional information exists in the pricing document.
Scaling
- Independence of resources
- The infrastructure of EUROPEAN DYNAMICS warrants that service performance will be unhindered by matters of capacity, load, and network traffic thanks to its design that exploits the benefits of a scalable and robust architecture based on virtualisation.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Service usage, helpdesk report, storage consumption, KPI values
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with another standard
- Other
- Other data at rest protection approach
- The Service may encrypt sensitive data at rest
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- The service offers the possibility to archive and download on the user’s storage area all relevant information. Such information includes user information, documents and audit trail reports. All exported files are formatted according to widely used file formats, thus maximising the possibility for reuse without any modification.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- XML
- Excel
- Original format (ZIP archive)
- Data import formats
-
- CSV
- Other
- Other data import formats
- XML
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
- Other protection between networks
- All communication of sensitive data is via HTTPS over the public internet - The Service also encrypts sensitive information in order to provide additional protection.
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
- Other protection within supplier network
- Firewalls + Intrusion Prevention systems protect the perimeter of the service platform - The Service also encrypts sensitive information in order to provide additional access control/protection.
Availability and resilience
- Guaranteed availability
- 99.9% ("three nines") availability is offered as standard
- Approach to resilience
-
All key EDHS infrastructure components are fully redundant ensuring an HA data centre architecture ideal for mission critical hosting services:
• Redundant Server Design: all servers are fitted with redundant disks, power and cooling;
• Redundant Storage: fault tolerant enterprise grade Storage Area Network solution;
• Redundant Power: Power outages are handled by a UPS backed up by a diesel generator;
• Redundant Internet feeds: The primary data centre connects via two fibre carriers to two different ISPs. - Outage reporting
- Service availability is part of the service report. Outages are part of the service availability information reported.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Username or password
- Other
- Other user authentication
- Users must enter their username and password in order to access the service. In case of first-time login, they also need to enter a one-time transaction code that is sent to their registered email address.
- Access restrictions in management interfaces and support channels
- Access to management interfaces is restricted through user authentication. Access to support channels is unrestricted. Non-public network channels are used for maintenance operations.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users receive audit information on a regular basis
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- TÜV HELLAS (TÜV NORD) S.A.
- ISO/IEC 27001 accreditation date
- 09/12/2021
- What the ISO/IEC 27001 doesn’t cover
- The certificate is specific to the hosting service platform and its administration. An ISO9001:2015 certificate covers the quality management of the company's business processes.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- The service security governance is operated in compliance with GDPR and the national data protection laws that apply in the UK and any other involved country (if any).
- Information security policies and processes
- A comprehensive set of Information Policies & Procedures are implement as part of the ISO27001 ISMS under which the service is operated.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Services are operated according to Change management Policy & Procedures which includes configuration changes . Changes must receive formal approval from an internal Change Advisory Board (CAB) .
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- The Service Provider has defined a Patch Management Policy implementing a proactive patch management strategy; this involves recording and maintaining the patch level for all information systems involved within the hosting services environment. Furthermore, the strategy involves identification and application of patches that are considered essential in maintaining the security and correct operation of the service.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- A comprehensive monitoring and alerting system is implemented for data centre services, which is implemented as a separate LAN in order to monitor and maintain security. An HP ArcSight SIEM is used to analyze and correlate security events across the IT infrastructure.
- Incident management type
- Supplier-defined controls
- Incident management approach
- The Service Provider maintains an incident management policy and associated incident response procedures as part of its hosting solution. The incident response procedures contain a detailed categorisation of incidents together with triggers and the associated actions that the tenderer takes in order to inform the customer and to protect and defend the customer’s hosted information resources.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Equal opportunity
-
Equal opportunity
EUROPEAN DYNAMICS is an equal opportunity employer and applies an Equal Opportunities Policy (EOP) for this purpose. This policy covers all aspects of employment, from advertising of vacancies, selection, recruitment and training to working conditions and reasons for termination of employment.
We take measures to increase the representation of disabled people in our workforce. We support disabled people in developing new skills relevant to our activities, including through training schemes that result in recognised qualifications.
We regularly monitor the working environment and take appropriate action if necessary to ensure that our EOP operates effectively. Our actions eliminate immediately unlawful direct and indirect discrimination and promote equality of opportunity.
We influence staff, suppliers, customers and communities to support disabled people. We also take measures to identify and tackle inequality in employment, skills and pay in our workforce. We support career development to help people, including those from disadvantaged or minority groups, to move into higher paid work by developing new skills relevant to our activities.
Our long-term aim is to proportionally represent all socially disadvantaged groups in the composition of our workforce. We set targets with a fixed timetable for hiring people belonging to groups that are underrepresented in the workforce. Where necessary, specific steps in conformance with relevant legislation are taken to help disadvantaged and/or underrepresented groups to compete for jobs on a genuine equal opportunity basis. Our EOP and the measures for its implementation are based on advice from relevant bodies and in consultation with representatives of our employees.
Pricing
- Price
- £850 an instance a month
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- EUROPEAN DYNAMICS offers a test instance of the service free of charge to Customers wishing to familiarise themselves with the system, gain access to its documentation and go through online walkthroughs of most common tasks
- Link to free trial
- N/A