Mott MacDonald Limited

Merlin (strategic issue management service)

Mott MacDonald’s Merlin is a flexible web browser-based issue, crisis and major event management tool enabling strategic collaboration between teams in coordinating city or event operations. Merlin provides the ability to quickly share knowledge, implement coordinated responses to issues, maintain cohesive and clear map-based and tabular views for relevant stakeholders.

Features

• Issue management including capturing all relevant history.
• Interactive mapping, supporting geospatial analysis.
• Document storage, providing access to contingency plans.
• Stakeholder dashboard, providing a shared status of all issues.
• Planned event management, enabling impact assessment during crises.
• Routine and ad-hoc reporting, encouraging information sharing.
• Full audit trail, supporting post-incident analysis.
• Secure role-based access from any standard web browser.

Benefits

• Internal and external access allows information to be quickly shared.
• All data stored centrally and safely, reducing administrative overhead.
• Enables informed decision making and ensures teams are kept up-to-date.
• Supports cross-organisational collaboration improving communication.
• Supports rapid and appropriate response and recovery.
• Fully accessible by desktop, tablet, and mobile device.
• Developed closely with clients and major recent events.
• Advanced filtering and sorting to find incidents quickly and easily.

£64,500.00 an instance

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at technology+systems@mottmac.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

803918116491361

Contact

Samantha Lottering-Geeson
+44 (0)141 222 3798
technology+systems@mottmac.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements: Approved web browser version

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times: ; ; | GOLD Support: 2 hours; | SILVER Support: 4 hours; | BRONZE Support: 8 hours; ; (during working hours)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: | Standard Support: 08:30-17:00 weekdays (excl. bank holidays) ; ; | Enhanced Support: 24x7 (by agreement) ; ; | Support costs and further details are included in our Service Description and Pricing documents.; ; | We will provide a technical project manager/account manager.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Following agreement of contract, the following onboarding process will be undertaken:; ; ● Initiation of project management methodology; ● Clarification session on configuration requirements held on customer premises; ● Templates provided for customer data inputs, such as user accounts, organisation names and map data; ● Hosting setup and configuration; ● Service configuration and commissioning; ● Support setup; ; User training can be provided in the form of classroom-based, hands-on training. User training is provided as a half-day session at the buyer's premises. During such training, users are provided with instruction in using all aspects of the system as an end-user. Attendees are provided with electronic course materials. ; ; Train-the-trainer training can be provided in the form of classroom-based, hands-on training. Train-the-trainer training is provided as a full-day session at the buyer's premises. During such training, trainers are provided with instruction in using all aspects of the system as an end-user, as well as in the underlying system principles, allowing them to confidently provide training and guidance to the ultimate end users. Attendees are provided with electronic course materials. Train-the-trainer training is priced as a unit of five attendees.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: As part of the offboarding process, Mott MacDonald will provide the customer with an extract of all customer data stored in Merlin. This will be provided in Comma Separated Value files. All hosted data will then be securely deleted from the server prior to decommissioning of the service.
• End-of-contract process: The system will be decommissioned, and an export of the data will be provided as part of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Desktop version has full access rights. Mobile version has access to subset of issue management functions.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: No

Scaling

• Independence of resources: Independent cloud infrastructure is supplied for each client instance to prevent one client service impacting another. Preventative health checks and network checks are undertaken daily for each system to ensure a high level of service at all times.

Analytics

• Service usage metrics: Yes
• Metrics types: Fully audited system recording user access and all changes to data.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The data stored in Merlin is accessible to users through the application at any time they require. If an export is required it can be provided by the support team. A full export of the data is provided at the end of the contract as part of the offboarding process.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Service levels can be defined on a client-by-client basis as part of the call-off arrangements.
• Approach to resilience: Resilience level is dependent on host service support selected.
• Outage reporting: Outages are reported internally to our helpdesk, who coordinate and escalate to project managers as required to liaise with client representatives.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Limited access over dedicated link, enterprise or community network.; ; Username and strong password/passphrase enforcement.; ; The system supports different roles and responsibilities with respect to access to data held within the system. ; ; Accounts and roles will be assigned to individuals.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DNV - Business Assurance
• ISO/IEC 27001 accreditation date: 03/10/2023
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Certified Information Systems Security Professional (CISSP) staff

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: Our cloud services are managed under Mott MacDonald's Information Security Management System (ISMS) which is independently audited and certified under ISO27001:2013.; ; Project Managers are responsible for their Projects’ Security Incident Management for systems that are not connected to Group IT systems. All projects must complete an Information Security Risk Assessment (ISRA) as part of our Project Plan of Work (PPW), which must review risks and provide mitigation strategies.; ; All serious information security incidents (actual or perceived) must be immediately reported to the Director Business Management Systems and Risk who will form a Response Team and Plan to deal with the situation.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our configuration and change management processes are documented as procedures complying with both ISO9001:2015, TickITPlus and potential security impacts through ISO27001:2013. TickITplus covers our expertise in project management, technical and advisory services in transport engineering, system integration and the development of associated software to Government, Local Authority and the Private Sector. Management and mitigation of risk is an integral part of our system and is monitored and reported through a set of mature project governance procedures designed to identify risks and mitigate against them as soon as possible.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We review newly released third party software upgrades and patches. We perform non-critical Operating System updates quarterly. Our Cyber Security specialist issues a weekly vulnerability report detailing all new threats from the Cybersecurity Infrastructure Security Agency (CISA), rated by Common Vulnerability Scoring System (CVSS) which our support team review and assess for our environment. Once complete we follow existing incident management procedures for security incidents. Where high or critical patches are identified we raise a request and, once approved, deploy to live. Our Cyber Essentials Plus accreditation requires remedial work to be undertaken within 14 days.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use a number of tools and techniques to monitor systems for signs of compromise:; ; • regular network penetration test scans to detect potential vulnerabilities;; • host-based intrusion detection;; • network firewall; ; • Web application firewall where justified by the risk assessment; and; • comprehensive system and network monitoring using OpenNMS to detect log events and service issues.; ; We treat a potential compromise as an information security incident and respond using our Business Management System STEP procedure which details the process for dealing with an information security incident.
• Incident management type: Supplier-defined controls
• Incident management approach: External users can report incidents by contacting our Help Desk by phone or email. Internal users use our ServiceNow system to report information security incidents.; ; We treat a potential compromise as an information security incident and respond using our BMS STEP procedure, complying with ISO 27001, which details the process for dealing with an information security incident.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  PROTECTING AND IMPROVING OUR ENVIRONMENT - Mott MacDonald is an industry leader in protecting and improving the environment and providing thought leadership in the infrastructure community on creating a stable climate and prosperous net carbon zero economy. We authored the Infrastructure Carbon Review for the UK Government and co-authored the world’s first publicly-available specification on carbon management in infrastructure, PAS2080.; ; We recognise our responsibility to manage environmental risks and identify safeguarding and improvement opportunities. We have dedicated environmental specialists in areas of air quality, noise, landscape, cultural heritage, water resources and a dedicated global practice leader who draws together expertise and good practice. We know protecting the environment creates sustainable, safe communities and we have extensive experience in delivering environmental impact assessments (EIAs) to our clients to ensure projects are delivered in an environmentally responsible way. ; ; Our Business Management System supports the adoption of a single way of working across the organisation and ensures environmental considerations are incorporated into our internal work, as well as the services we provide to clients. We regularly conduct comprehensive Sustainability and Environmental Risk Assessments (SERAs) at project level. ; ; As an organisation we have made significant strides in reducing our carbon footprint and in 2022 we were the first engineering consultancy in the world to be certified as carbon neutral. We continue to make progress in line with our commitment to becoming a net zero organisation by 2040. ; ; National Highways chose our Moata Carbon Portal for the A303 Sparkford to Ilchester Scheme to assess carbon emissions from construction and to inform the scheme’s environmental impact assessment (EIA). By identifying and targeting carbon hotspots using the Portal our design solutions cut carbon emissions by 46%.; ; We establish a social value action plan and monitor commitments throughout the project lifecycle.

  Covid-19 recovery

  COLLABORATING TO BEAT COVID-19 - COVID-19 continues to drive us all to work together to help communities and businesses build confidence now and for the future.; ; Through the long-standing collaborative relationships Mott MacDonald (MM) has with our clients and partners, we’re collectively identifying things we can all do, and how to execute the best outcomes in the communities affected.; ; We share the belief that together we will build confidence by keeping our people robust, innovative and our businesses focused on sustaining infrastructure, enterprise, and social outcomes. ; ; AN ALTERNATIVE RECOVERY PLAN: As we seek to recover from COVID-19, throw off economic recession and make society resilient against future surprises we must do four things.; ; 1. Set out the most important challenges; 2. Define the desired outcomes; 3. Set clear objectives; 4. Act urgently; ; Here we share a snapshot of some of our activities and ideology: ; ; A CATALYST FOR ANTIMICROBIAL RESISTANCE (AMR) PREVENTION? Supporting the Fleming Fund’s efforts to support countries with AMR challenges has contributed to more effective responses to the COVID-19 pandemic.; ; PROTECTION FOR WORKERS: A partnerships programme managed by MM will help one million people across Africa and Asia by supporting vulnerable workers and their families through the pandemic.; ; DELIVERING INTERNATIONAL DEVELOPMENT SERVICES: Throughout the COVID-19 pandemic, MM has delivered aid-funded programmes worldwide ensuring that urgent responses are also sustainable.; ; FUTURE-PROOF DECISION-MAKING: The disruption caused by COVID-19 has made it only too clear that the future will be characterised by volatile change and uncertainty.; ; GENERATING A GREEN RECOVERY: The UK’s recovery from COVID-19 and its economic impact will be all the better if it is a green one.; ; We establish a social value action plan and monitor commitments throughout the project lifecycle.

  Tackling economic inequality

  We recognise EDI is a strategic business priority with a clearly demonstrable business case and our commitment to equality, diversity, and inclusion. We have:; ; • Achieved gold status under the National Equality Standard (NES) - the highest rating available for the highest benchmark a business can achieve for EDI good practice in the UK. ; ; • Won ‘Best Emerging Talent Strategy’ at the Firm Awards, which recognise efforts in developing and achieving a diverse talent pool. ; ; Our Corporate Social Responsibility Strategy prioritises achievement of meaningful skills and employment through provision of grant funding, volunteering, and skills transfer. ; ; SUPPORTING GROWTH OF REGIONAL BUSINESSES; ; We fully support mentoring and supporting local businesses by proactively recruiting a diverse supply chain. This benefits both small and medium-sized enterprises (SMEs) and voluntary, community and social enterprises (VCSEs). SMEs account for more than 50% of our suppliers and we are committed to building on the diversity of our supply chain. We participate in ‘Meet the Buyer’ days through our membership of Minority Suppliers Development UK Ltd, and trade shows. We require our supply chain to share similar social and environmental sustainability values and actively support them to do so. ; ; COLLABORATIVE BEHAVIOUR; ; To ensure our clients benefit from our collective knowledge and experience, we encourage collaborative behaviours with our supply chain.; ; SCALABLE SOLUTIONS; ; Our Osprey service now builds on our shared Moata environment, demonstrating our commitment to supporting scalable and future-proofed technologies.; ; MANAGING CYBER SECURITY; ; Our Cyber Essentials Plus accreditation demonstrates our commitment to applying government-backed best practice when managing online security threats.; ; PROMOTING INNOVATION; ; Giving staff opportunities to innovate creates better results for communities and new, more effective solutions for old challenges. We have an annual innovation and excellence fund to enable this. ; ; We establish a social value action plan and monitor commitments throughout the project lifecycle.

  Equal opportunity

  Mott MacDonald's common values are set out in our vision, mission, and values. A key element of the policy is RESPECT. We respect the natural environment and community in which we work, we cherish the rich diversity in the abilities and talents of all people and cultures, and treat each other with the respect we would want from others. ; ; Our EQUALITY, DIVERSITY AND INCLUSION (EDI) efforts involve a range of initiatives and actions to help us achieve:; ; • EQUALITY, by removing barriers and ensuring everyone has equal access to opportunities. ; ; • DIVERSITY, by creating a workforce which reflects the diversity of the communities we work in at all levels of the business. ; ; • INCLUSION, by meeting the varying needs of our colleagues so everybody feels engaged, respected and able to achieve their full potential. ; ; The Group EDI policy establishes responsibilities and makes clear that unfair discriminatory behaviour will result in disciplinary action. ; ; We are committed to:; ; • Making reasonable adjustments to ease any difficulties experienced by employees with disabilities in carrying out their work within its standard conditions of employment. ; ; • Ensuring that all members of staff are afforded equal opportunity when consideration is given to staff training and development. ; ; • Conducting annual pay reviews and checks to ensure pay parity between the sexes for jobs of equal market value and job holders of equal qualification, experience, and ability. ; ; • Ensuring that no job applicant or employee receives less favourable treatment, directly or indirectly, on the grounds of age, disability, caring status e.g. gender, race, colour, sexual orientation, etc.; ; • Promoting inclusion through the development of apprenticeships, work experience and similar programmes.; ; We establish a social value action plan and monitor commitments throughout the project lifecycle.

  Wellbeing

  WELLBEING is integral to our business as it affects and influences all areas of daily work. In 2016, Mott MacDonald signed the UK’s Time to Change pledge, reflecting our commitment to reduce mental health stigma and discrimination in the workplace. ; ; Our ambition is to CREATE A ‘BEST IN CLASS’ WELLBEING CULTURE, where we can collectively and individually thrive.; ; This is done by addressing the following wellbeing concerns:; ; • DEMANDS: taking account of the demands of our work; responding to individuals; matching skills and responsibilities to the job.; ; • CONTROL: encouraging the development of skills, consulting staff over work patterns; considering the pace of work and its impact.; ; • RELATIONSHIPS: creating an environment where bullying and harassment are not tolerated; preventing or resolving unacceptable behaviour.; ; • ROLE: be clear about what staff need to do; ensure staff can raise concerns.; ; • CHANGE: provide timely information; consult; understand the impact of change.; ; • SUPPORT: provide information, support, and adequate resources; practice connected conversations, coaching, and mentoring; highlight external support.; ; How do we do this ?; ; • Setting clear actionable KPIs informed by reliable reporting and leading indicators; ; • Clear governance, roles, and responsibilities; ; • Programme of investment for Mental Health First Aiders, line managers, and wellbeing champions; ; • Regular wellbeing pulse surveys; ; • Review of IT platforms: leverage technology ; ; • Employee Assistance Programme – independent, free and confidential 24/7 advice line which is answered by qualified and accredited counsellors for support on financial, legal and specific mental health support.; ; • Targeted training for managers in mental health awareness; ; • Private health care for our staff; ; We establish a social value action plan and monitor commitments throughout the project lifecycle.

Pricing

• Price: £64,500.00 an instance
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at technology+systems@mottmac.com. Tell them what format you need. It will help if you say what assistive technology you use.