Mosaique Limited

Aspyre

Aspyre is a cloud-based, portfolio, programme, project & PMO management software tool with a proven track-record of: increasing the visibility of your portfolio of programmes and projects; ensuring consistent, standardised and real-time reporting; achieving significant financial savings; enabling seamless, collaborative working with external organisations; promoting innovation by capturing ideas.

Features

• Portfolio, programme, project and PMO management
• Risk and issue management
• Planning management - Milestones, tasks, deliverables & dependencies
• Strategic objectives, KPIs and efficiency targets
• Financial (savings and costs)and other benefits management
• Ideas and Initiatives management
• Meeting minutes and agendas - improves meeting administration
• Lessons learned information
• Resource planning and tracking
• Extensive reporting suite and multiple dashboards

Benefits

• Improves visibility of portfolios/programmes/projects across your entire organisation
• Provides a consistent way of working
• Significantly reduces the time taken to produce reports
• Data is entered once but reported in many ways
• Facilitates better planning of programmes and projects
• Enables seamless collaborative working, internally and with external partner organisations
• Allows lessons learned to be captured, shared and reported on
• Effectively manages your resources
• Helps to ensure programme/project benefits are realised
• Extensive in-house public sector experience to help facilitate implementations

£15 to £30 a licence a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@mosaiquegroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

808549790589263

Contact

Neil Cassidy
01564 711201
enquiries@mosaiquegroup.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The service may be unavailable for a short time after 21:00hrs to allow for periodic updating of the application.
• System requirements:
  • Connection to the internet
  • Web browser - all common browsers and versions are supported

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our cloud-based ticketing system will instantly log all calls and reply back to the sender with an email acknowledging receipt.; Support is available during standard office hours of 09:00 to 17:30, Monday to Friday.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: All clients can access support using the Help facility in Aspyre or by submitting an email to our dedicted support team.; ; We also provide a dedicated technical account manager that can be contacted via phone or email.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Since the COVID-19 pandemic we have only provided online training although we are happy to attend onsite, if required.; ; Extensive user documentation, templates, training manuals and 'How To' videos can be found within the 'Help' section of the application. Hard copies of all documentation can also be provided, if required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users can extract data themselves via an xml export facility (this can be done at any time).; We can also provide a flat file of client data at the end of a contract.
• End-of-contract process: We can provide a flat file of data at the end of a contract. This will not include any external documents that a client may have uploaded to the application. These can be retrieved by the client themselves or we can carry this out on their behalf but this would incur additional costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No difference other than screen size. The application automatically resizes to fit the available screensize. If data is amended using a mobile device then this will automatically be reflected in the desktop service, and vice versa.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: As part of an Aspyre Package, we will carry out the initial configuration of your system based on working directly with yourselves and sharing our extensive experience of working with similar clients. We will also train a number of your own users to be in-house 'Administrators' so that they will be able to carry out these tasks autonomously in the future.; ; Aspyre can be configured in the following ways:; Functionality/screens can be enabled/disabled.; Additional data fields can be added and/or removed, if not required.; Data field names on each screen can be amended to suit.; Choices in drop-down lists can be added to/amended.; Data fields can be made mandatory.; Hover text (on-screen guidance notes) can be added to assist users.; Logos can be uploaded and assigned to different areas of Aspyre, as required. The relevant logo is then automatically included on all reports generated from Aspyre.; ; Unlike other systems, Aspyre allows multiple configurations of all the functionality mentioned above to be applied to different areas of the 'tree structure' - this allows separate organisations and/or departments to work in the exact way that they want and produce the required reports for their respective audiences.

Scaling

• Independence of resources: All clients have their own database providing independent resource for their data. The web tier platform auto-scales based on end user demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Users with Administrator level access can use a suite of administrative tools including an 'Audit Trail' facility.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users can export data via Aspyre's xml reporting functionality. All other reports generated within Aspyre can also be exported into common formats such as .pdf, .xls, .doc, .ppt, etc. and exported.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Xml
  • Pdf
  • Docx
  • Pptx
  • Image
  • Rtf
• Data import formats:
  • CSV
  • Other
• Other data import formats: .mpp

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Please refer to 'Addendum 1 - Service Level Agreement' which can be found in the document - Aspyre Terms and Conditions for G-Cloud 14.
• Approach to resilience: Please refer to 'Section 3. Data Backup, Restore & Disaster Recovery' of the uploaded document - Aspyre Service Definition for G-Cloud 14.
• Outage reporting: Please refer to 'Section 3. Data Backup, Restore & Disaster Recovery' of the uploaded document - Aspyre Service Definition for G-Cloud 14.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Our management interfaces use role-based access control to limit; functionality to specific user accounts.; These Administrator roles can be used by clients to tailor functionality of the application, setup and configure user access rights, etc. They can also be configured so as to only have Administrator rights for a particular area/division/department.; Our support staff have global access to the entire application in order to be provide first-class levels of support.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: EY CertifyPoint
• ISO/IEC 27001 accreditation date: 05/11/2019
• What the ISO/IEC 27001 doesn’t cover: The ISO/IEC 27001 accreditation mentioned above applies to the data hosting provided by our third-party partners, AWS. Further documentation around this and any other data-hosting related information is available on request.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: It is the Policy of Mosaique Limited to ensure that:; i) Information will be protected from a loss of: confidentiality, integrity and availability.; ii) Regulatory and legislative requirements will be met.; iii) Business continuity plans will be produced, maintained and tested.; iv) Information security training will be available to all staff.; v) All breaches of information security, actual or suspected, will be reported to, and investigated by, the Information Security Manager.; ; Guidance and procedures have been produced to support this policy. These include incident handling, information backup, system access, virus controls, passwords and encryption.; The role and responsibility of the designated Information Security Manager is to manage information security; and to provide advice and guidance on implementation of the Information Security Policy.; The designated owner of the Information Security Policy has direct responsibility for maintaining and reviewing the Information Security Policy.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have a robust and mature change process that is fully integrated throughout all areas of the business asset change lifecycle.; Change and configuration management activities conducted by Mosaique include: logging and scheduling of service requests received from clients, impact and risk analysis of proposed changes in liaison with relevant 3rd parties, including change approval, security review and regression planning, maintenance of a log of changes; a summary of relevant changes is provided to customers on a quarterly basis.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: As part of our centralised patch management and monitoring process, we ensure that operating system patches and enhancements are assessed and applied to our management and customer infrastructure in a regular, timely manner with the minimum impact to service. Any minor updates that may be required are carried out to the server after 21:00hrs.; We maintain our situational awareness of new and emerging threats through engagement with vendors, CERTS and specialist groups.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All Aspyre data is held by our third-party data hosting provider - Amazon Web Services (AWS).; ; AWS undertake to provide monitoring, management and issue resolution for the server hardware, operating system, web services and Internet from their Tier-4 Data centre.; ; Monitoring of hardware, specific processes and agreed applications are managed via AWS's monitoring solution.; ; The core networking infrastructure, including switches and firewalls, and every server hosted in the AWS Environment are monitored around the clock. Server monitoring includes network connection, http response, processor usage, disk space usage as well as key processes and services.
• Incident management type: Supplier-defined controls
• Incident management approach: We operate a well-defined and established incident management process to log, assign and diagnose incidents based upon urgency and impact and to restore service operation as quickly as possible with the minimum of disruption, in line with our SLAs.; Users will report incidents via email to our Aspyre Support team.; An incident priority will be established and the incident will be logged on our ticketing system.; Diagnostics and investigations will be carried out until the incident has been satisfactorily resolved.; Please refer to the following document for further information - Aspyre Service Definition for G-Cloud.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  As a supplier of a cloud-based software application, we leverage video conferencing as much as possible to negate the impact of travelling to and from our clients. Since the Covid-19 pandemic we have managed to carry out 100% of all onboarding, training and other regular meetings using video conferencing, which has significantly reduced our greenhouse emissions.

Pricing

• Price: £15 to £30 a licence a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Core functionality included in 30-day trial version:; Summary Information; Details/Project Initiation Document (PID); Risks & Issues; Milestones; Plan (including Gantt); Document Storage; Meetings Module; Reporting Suite; ; Excluded Functionality:; Benefits; KPIs & Objectives; Actions; Deliverables; Resources; Stakeholders; Team; Lessons Learned; Finances

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@mosaiquegroup.com. Tell them what format you need. It will help if you say what assistive technology you use.