Experienced Management Consultants Limited

Connect

Connect is a management tool for Strategy, Portfolios/Programmes/Projects, Operations, Performance, Audits, GRC and other areas. It has and it integrates the functionality and data of the normally separate management tools in these domains, creating powerful, joined-up views of what matters, e.g. Value, Outputs, People, Systems, Suppliers, Organisation, Risks/Issues, Dependencies, Actions

Features

• Single application for Strategy, Change and Operations management
• Integrated MI/BI, visualising real time business performance
• Cascades strategy, links change/ operations/finance
• Manages people’s delivery vs Objectives and Key Results (OKRs)
• Next generation integrated, automated Portfolio, Programme and Project Management
• Integrated, automated RAID management linked to everything else
• Pushes actions at people and creates visibility of progress
• Internal and External dependency statuses and impacts automatically updated
• Manages audit/assurance findings and actions and governance effectiveness.
• Integrated Assurance and Audit Plans

Benefits

• Drive relentless focus on outcomes and actions that deliver them
• Make better, more timely decisions, based on accurate information
• Reduce business complexity and integrate the business
• Gain integrated visibility and control of Portfolios, Programmes and Projects
• Massively reduce PMO effort and cost
• Actively manage risks with automated updates to causes and impacts
• Actively manage RAID, with automated updates to status and impact
• Integrate Agile delivery teams with traditional PMOs
• Enhance governance effectiveness and compliance and drive pro-active management culture
• Stay on top of Strategy Execution, OKRs and performance

£39,000 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@xmcs.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

780491510331790

Contact

Duncan Hare
+44 (0) 20 7084 5760
enquiries@xmcs.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Potential planned maintenance may be performed with at least a week’s notice which could potentially temporarily make the service unavailable for a short while (approximately 1-2 hours) ; Any disruption will be limited to UK late night/early morning weekday hours and weekends.
• System requirements: Browser based so there are no specific system requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 24 Hours
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: See Service Definition and Pricing documents
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide onsite training, on-line training and a separate instruction video for each function.; ; We also provide a spreadsheet with a list of user information to fill in. We use this to generate the required people records and also to set up the user accounts. ; We also have various spreadsheets that can be used to import existing data into our system.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: They can extract the “Node” data that sits in the Graph Database (Neo4j) through an extract to CSV button at any time (not just at the End-of-Contract.; ; The data that does not sit in the graph database, such as attachments, sits in a Cosmo DB database and this will be provided to users on request at the end-of-contract.
• End-of-contract process: We provide 3 days of free support (included in the price) to help with End-of-Contract data transfer. Additional days can be purchased if required (see rate card)

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Users with certain authorisations can customise all of the features provided in the settings menu option. This includes the shape and size of the risk tables that other users will see etc

Scaling

• Independence of resources: Through a combination of techniques including autoscaling of various backend services and splitting customers into their assigned partitions which do not utilise other partition resources. This way we can monitor and vertically scale based on how specific partitions are performing.

Analytics

• Service usage metrics: Yes
• Metrics types: TBD
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Through an export CSV button that exists for each data node type (each record type)
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We provide no specific SLA's by default but may agree them with specific customers on a case by case basis
• Approach to resilience: Quidita uses well known and established third party cloud service providers with inbuilt resilience.
• Outage reporting: TBD

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: We limit roles that are able to access our resources on a need-to-know basis based.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our Chief Information Security Officer sits on our Board and our Executive Team, ensuring that security matters are represented at those levels.; ; We have a “Security by Design” approach, based on NIST principles. This ensures that security runs “like a golden thread” through functions relevant to our service such as:; • Identify (including scanning for threats, opportunities and legal and regulatory requirements); • Risk Management; • Strategy (including product strategy); • Enterprise Architecture (business and technology); • Controlled Change; • Operational Management (including of the Services, reporting and governance); • Financial Management (including reporting and governance); • Compliance Management
• Information security policies and processes: Our security policies cover.; • General information security – our over-arching security appetite and posture; • Personnel – how personnel security is expected to contribute to the security of information; • Physical – how physical security is expected to contribute to the security of information; • Access – how users are granted access to applications and data; • Authentication and passwords; • Attack response – how we prepare and respond to malware, phishing, viruses, ransomware and other attacks; • Cloud security policy – How we address security around the cloud-based technologies we use; • Incident response – how we respond to an out-of-normal situation that affects security; • Patching – our process for installing and managing patches; Adherence to these policies is ensured through our NIST based "secure by design" framework which identifies the elements of our services and our business where each aspect impacts security and builds in training, culture, reporting and governance and other controls at each of these.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have robust integrated Change, Configuration and Release Control process, in which components of the service are version controlled, Changes are reviewed for their impact on the service and (through review by our security governance processes) on security and releasing is only permitted when clear criteria have been met.; ; A record of code changes is maintained in a code repository.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our codebase is monitored by automated services to detect vulnerabilities based on up to date threat intelligence and notify our SOC.; The established third party cloud providers on whom we rely detect vulnerabilities and execute patches to industry standards.; We assess the criticality of the vulnerability and respond promptly on case by case basis.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We adopt our own mechanisms for identifying, preventing and alerting of potential compromises. ; ; Incidents are responded to promptly on the basis of risk.
• Incident management type: Supplier-defined controls
• Incident management approach: We have set of pre-defined processes for common event types. ; Users may report incidents through email; Our SOC assesses incidents for severity and they are acted on in accordance with our incident management policy.; Where incidents involve risks relevant to the user we report to them via email.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At XMCS, we work in an environmentally responsible manner and are continuously looking to find new ways to reduce our carbon footprint and other environmental impacts. Our CEO has masters degree in environmental management and we are committed to:; 1. Conducting our operations in compliance with environmental regulations.; 2. Integrating environmental considerations and objectives into all our business decisions.; 3. Behaving at all times in an environmentally friendly manner.; 4. Encouraging awareness among our suppliers, partners, clients and people, of all opportunities to improve environmental protection.; 5. Separating and recycling as many materials as is practicable.; 6. Working with our clients to think about how their businesses affect the environment and throughout our business, will provide professional advice that is consistent with this aim.; 7. Using energy/natural resources in minimal amounts.; 8. Encouraging the use of travel options that have a minimal impact on the environment. ; This policy is reflected in:; 1. Our internal culture, as reinforced through our corporate value statements.; 2. Our performance management framework.; 3. Our terms of employment.; 4. Our supply chain assurance processes and supplier contracts.; As a result we, for example:; 1. Decline to work with suppliers who do not share our values in this respect and whose processes do not meet our low carbon standards; 2. Actively avoid working for clients who we believe do not work in an environmentally responsible manner; 3. Choose low carbon modes of travel; 4. Keep our offices at a lower than usual temperature

  Covid-19 recovery

  XMCS is a small supplier, so has limited scope to make a difference to the Covid-19 recovery. Nevertheless, we look to ensure that, where possible, our supply chain decisions (in terms both of the sub-contractors who help us to deliver our services, and the investments we make in equipment and infrastructure) favour areas of the country most badly affected by Covid.

  Tackling economic inequality

  XMCS is a small supplier, so has limited scope to make a difference to Economic inequality recovery. Nevertheless, we look to ensure that, where possible, our supply chain decisions (in terms both of the partners who help us to deliver our services, and the investments we make in equipment and infrastructure) favour areas of the country or of the world most in need of levelling-up.

  Equal opportunity

  XMCS is an equal opportunities employer and we extend this to our sub-contractors. As such, we operate meritocratically, choosing the right person for each role and making no distinctions between people based on sex, disability, colour, perceived race (“race” being a social construct), sexuality, gender reassignment or any other attribute about which individuals have no choice.; That said, we are alert to the fact that other parts of society do, unfortunately, make such distinctions and treat individuals based on the attributes of a perceived group; and this has led to some individuals being disadvantaged. Where this appears to have been the case, or may have been, we look to make allowances through our meritocratic process by taking account of the additional achievement which the individual may have demonstrated in having to deal with such challenges.

  Wellbeing

  We care passionately about the wellbeing of our people and we extend this to our sub-contractors. We believe that individual wellbeing is fundamental to the wellbeing and cohesion of society and also, of course, to the sustainable delivery of any service. As a result, we are constantly alert to wellbeing issues and take proactive steps to elicit from people their true state of wellbeing and to address any issues which arise. We put wellbeing before profit and have often foregone profit in order to provide individuals with time/space to recover their sense of wellbeing.; We are a prompt payer of sub-contractors and frequently pay small sub-contractors on request and well ahead of any payment due to them, if that helps to alleviate a personal challenge they have told us about.; We have developed our own “wellbeing by design” operating model to ensure that we understand and optimise those aspects of our business that impact people’s wellbeing.

Pricing

• Price: £39,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@xmcs.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.