Program Planning Professionals Ltd (t/a MI-GSO | PCUBED)

OnePlan - for better adaptive portfolio and project management

OnePlan is a cloud-based PPM solution providing a single place to manage all project work, resources, finances, risks and issues. This extends to cover portfolio management, OKRs, ideation, modelling and optimisation. All of this is supported with security and audit functionality and an AI agent providing insight and guidance.

Features

• Central database, supporting project, programme, portfolio, resource, and financial management
• Waterfall, Agile and Hybrid task management supported.
• Fully and extensively configurable at all levels.
• Manage Objectives, Key Results (OKRs) and their dependencies.
• Idea management and Portfolio optimisation and alignment.
• Fully configurable RAID and AI driven Insights for Project Managers
• Standard integration with multiple other planning solutions e.g. JIRA, Smartsheet.
• Bi-directional interface with Microsoft Project Desktop.
• OpenAI based agent referencing project and resource information.
• Microsoft365 app, integrated with Microsoft Teams, Power Automate and PowerBI

Benefits

• Single data source delivers consistent and accurate reports and insights.
• Central view of all delivery - agile, waterfall, hybrid.
• Minimises change impact by supporting multiple planning and delivery applications.
• Microsoft Project Online alternative - bi-directional Microsoft Project (desktop) interface
• Improved strategic delivery from aligning projects to objectives.
• Adapts to future needs with a highly configurable platform.
• Low cost and standard configuration templates deliver rapid value.
• Improved insight via standard reporting in Microsoft PowerBI
• Rapid adoption via AI support for tasks, training and support.
• Direct and secure deployment as cloud-based SaaS.

£5 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk.info@migso-pcubed.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

862347534673409

Contact

Mark Sorrell
020 7462 0100
uk.info@migso-pcubed.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: There are no other foreseeable constraints to the Services (e.g. maintenance windows, level of customisation permitted, schedule for deprecation of functionality/features etc.)
• System requirements:
  • Microsoft Edge, Firefox, Chrome, Safari
  • The consumer must have the ability to access internet
  • Specific Log in accounts (licences)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: There are agreed response times depending on the severity of the issue and whether Premium Support has been purchased. While the technical support team operate EST working hours (Mon-Fri) there are UK based resources which can be contacted for immediate issues and to see if ticket is required. Technical support is not available at the week-ends
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: There are 4 levels of severity defined (Urgent, High, Medium, Low) and these are client assessed. Response to support queries raised online are not charged.; ; Typically resolution of incidents is managed by email and / or chat conversations.; ; It is possible to purchase Premium Support which, apart from other benefits provides faster initial incident response times and video /remote access support.; ; It is unlikely on-site support would be required as this is a Software as a Service product. There is a UK based OnePlan team and if required they could be engaged on-site at additional cost.; ; It is also possible to gain additional support for deployments and post deployment support can be obtained via an associated PPM Deployment Service. The specific coverage for support e.g. access will be agreed on a client by client basis. Services for a range of PPM related skills can be provided
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Envisioning workshops, training , change management, providing a dedicated delivery team and support where necessary. This is available in the PPM Deployment Service.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: OData - extracting PO data to a Microsoft Excel spreadsheet and saving project plans in Microsoft Project
• End-of-contract process: Data is stored in Microsoft Azure. If the Service is terminated, Microsoft will retain access to the data for 90 days (the retention period) and then all data will be deleted from all of their servers

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The desktop version can be used on a mobile and reports built specifically for mobile review.; There is also a specific mobile app which is more focused on "team member's" use and provides work overviews, time tracking.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: OnePlan has an open REST API that allows both read and write transactions e.g. for use by Microsoft Power Automate.; ; There is also an OData API that is specifically for reporting style application and is read-only.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The solution is highly configurable with many options. The type of plans can be set to be projects, programmes, ideas, objectives or anything else that requires planning. Any number of supporting artefacts for each plan such as risks, issues or changes can be built. Each of these types, as well as resources, can have an unlimited number of additional attributes defined.; The attributes can be of many types e.g. text, date, person, picture and each can contain a value, be calculated (via a formula) or “rolled up”. Calculations can include any field from the plan or any of its’ items. For example, a field called “Imminent Red Risks” which counts the number of risks with a red status from all underlying risks, if the trigger date is next month. Very flexible, very powerful.; Fields can be colour coded e.g. white text, red background based on conditions, which can be values from other fields.; Different types of finances can be configured e.g. budget, forecast, and different types of resource allocation e.g. committed, proposed. The Plan Details page and all views can be configured.; Overall, a very flexible and configurable product which can be configured for today knowing it can support tomorrow.

Scaling

• Independence of resources: This is a cloud based and shared infrastructure service. Microsoft Azure will automatically scale for peaks to ensure consistency of performance but, as always, performance experienced by the user can be impacted by a number of other factors, including workstation performance and network issues.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: OnePlan

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can use OData or Microsoft Excel to extract or export their data. Microsoft Excel is used within the application and can export e.g. financial data for a project. There are multiple points where this type of access can be selected. ; There is an OData API (for reporting) which provides access to all user input data and Microsoft Excel or PowerBI (or any other OData enable tool) can extract all data across all projects.; There is also a full REST API which could be used for complex extraction / or application integration but this requires custom coding.
• Data export formats:
  • CSV
  • Other
• Other data export formats: XLS
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • MPP
  • Smartsheet
  • JIRA
  • AzureDevOps
  • Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: OnePlan has SOC2 Type II Compliance which defines a minimal level of security for confidentiality, security and integrity.; ; All data is stored within the Microsoft Azure architecture which provides minimum 256 bit encryption and has many certifications including GDPR and EU Model Clause certification.; ; Regular penetration tests are conducted and results can be made available on request.; ; In addition to Microsoft backups, separate nightly backups are taken and stored in geo-located Microsoft Azure storage.

Availability and resilience

• Guaranteed availability: OnePlan is expected to achive a minimum of 99.95% availability, with backup, disaster recovery and resilience plans in place. Outside this SLA there are Service Credits applied to compensate
• Approach to resilience: This data is available on request
• Outage reporting: Outages both planned and un-planned are notified by email to registered owners of the solution. Planned outages can also be notified in the service itself

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Other
• Other user authentication: User access to interfaces is made possible with a user account.; Without an account, a user cannot access the service.; Access to the service is limited to authenticated and authorised users. ; Usernames and password control remain under the buyers control.; ; As the application runs as part of the organisation's Microsoft 365 platform the authentication is inherently identical to that organisation's security model. The application only validates against an authorised Active Directory account.
• Access restrictions in management interfaces and support channels: Access can be restricted based on the role of the user (administrator, team member with edit right, or only viewer).; In addition, if the user does not have a user account, they are restricted from the service.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman & Company
• ISO/IEC 27001 accreditation date: 18/05/2021
• What the ISO/IEC 27001 doesn’t cover: This certification applies to the underlying Microsoft Azure platform on which OnePlan is built; It does not cover any OnePlan specific elements of the overall solution
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 19 June 2020
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: This certification covers all of the MIcrosoft elements of this solution e.g. data storage, backup and recovery elements of the solution.; Other parts of the solution are not covered
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All data is stored within the Microsoft Azure data architecture and subject to all Microsoft security policies and processes (available via the Service Trust Platform aka.ms/step).; Azure uses encryption to protect communications and operational processes including your data in transit. Azure also offers encryption for your data at rest.; ; Data segregation: Azure uses logical isolation to segregate storage and processing for each customer to help ensure that your customer data is not combined with anyone else’s.; ; Data encryption: Azure supports various encryption models, including both client-side and server-side encryption. See the Azure Security Fundimentals Encryption overview for more information.; ; For data at rest, Azure offers a wide range of encryption capabilities.; ; For data in transit, Azure uses industry-standard transport protocols such as TLS 1.2+ between devices and Microsoft datacenters and within datacenters themselves.; ; Data redundancy: Data in your Azure storage account is always replicated to ensure durability and high availability. See Azure storage redundancy.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Any bug fix is implemented into OnePlan QA environment and tested thoroughly using standard regression testing before being pushed into Production. This includes security testing; All client environments use code from OnePlan’s cloud-based Production environment. ; Microsoft conducts regular penetration testing to improve Azure security controls and processes. In addition, OnePlan performs our own penetration testing and code scans before and after every production update
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Every OnePlan service is monitored 24 hours a day, 7 days a week, 365 days a year using monitoring services provided by Microsoft Azure. The following services are monitored:;  PING;  Static HTTP;  Processor and Memory Usage;  Hard Disk Usage; If a test fails, OnePlan applies the following escalation:; Within 5 minutes during business hours, 8:00 a.m.-6:00 p.m. (PST) Monday to Friday or 30 minutes at other times; ; Azure uses integrated deployment systems to manage the distribution and installation of security updates for Microsoft software to help protect systems from unknown vulnerabilities
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Monitoring and logging: Centralized monitoring, correlation, and analysis systems manage the large amount of information generated by devices within the Azure environment, providing continuous visibility and timely alerts to the teams that manage the service. See Azure infrastructure monitoring.; ; Update management: Azure uses integrated deployment systems to manage the distribution and installation of security updates for Microsoft software to help protect systems from unknown vulnerabilities.; ; Antivirus: Azure software components must go through a virus scan before deployment.; ; Penetration testing: Microsoft conducts regular penetration testing to improve Azure security controls and processes.
• Incident management type: Supplier-defined controls
• Incident management approach: Configuration, incident response and protective monitoring are all demonstrated in Microsoft’s compliance with the ISO-27001 information security standard.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  MIGSO-PCUBED understands the importance of the Nation fighting climate change, and we have incorporated the guidance within CCS PPN 06/20 in our work. We have an active Deliver Green Together Community of Purpose (DGT CoP). Their scope includes ensuring our business is keeping pace with the sustainability agenda both internally by reducing our impact on the environment, and externally by assisting in sustainable projects and influencing client's sustainability considerations.; MIGSO-PCUBED services and products are focused on building, maintaining, extending and ensuring the success of cloud-based solutions. These solutions, when deployed successfully, provide the support and collaboration required for successful project delivery to be undertaken remotely. This implicitly reduces the need for face-to-face meetings and reduces individual and organisational carbon footprints. The availability of digital reporting, the enhanced user interfaces also reduces, ideally to zero, the need for any paper reporting.

  Covid-19 recovery

  MIGSO-PCUBED understands the importance of the Nation recovering from Covid-19, and we have incorporated the guidance within CCS PPN 06/20 in our work. However, since 2022 we have subsumed this theme into the four other themes

  Tackling economic inequality

  MIGSO-PCUBED understands the importance of the Nation tackling economic inequality, and we have incorporated the guidance within CCS PPN 06/20 in our work. We have an active Equity, Diversity and Inclusion Community of Purpose (EDI CoP) with a number of related Affinity groups that contribute to our work in this area. Examples include our MPower Apprentice Programme and the opening of our Hubs in Birmingham and Manchester.; MIGSO-PCUBED services and products are focused on building, maintaining, extending and ensuring the success of cloud-based solutions. These solutions, when deployed successfully, increase the ability of everyone associated with the delivery of a project to work from any location, and potentially in any time-zone. This flexibility allows the users of any solution to be located anywhere with minimal cost to participate, removing a barrier to users needing to be based in areas of high economic wealth or for individual users to require a significant level of investment before they can be included.

  Equal opportunity

  MIGSO-PCUBED understands the importance of the Nation having equal opportunities, and we have incorporated the guidance within CCS PPN 06/20 in our work. We have an active Equity, Diversity and Inclusion Community of Purpose (EDI CoP) with a number of related Affinity groups that contribute to our work in this area. We strive to shape and nurture a culture where everyone is valued; where inclusiveness is a reflex, not an initiative and where EDI underpins our values and everything we do. Internal initiative examples include launching a reverse mentoring scheme and we are in our fifth year of supporting the 30% Club.; MIGSO-PCUBED services and products are focused on building, maintaining, extending and ensuring the success of cloud-based solutions. These solutions, when deployed successfully, have no weighting that favours or disadvantages any sector of possible users. There is no discrimination of or restrictive element which could apply to anyone regardless of age, gender, sexuality or religion.

  Wellbeing

  MIGSO-PCUBED understands the importance of the Nation being a healthy nation and we have incorporated the guidance within CCS PPN 06/20 in our work. We have an active Wellbeing Community of Purpose (CoP). We want to bring wellbeing to the top of everyone's agenda and contribute to a culture that prioritises the support of our people, encouraging them to nurture their own and others’ health. Over 140 UK consultants have attended a mental health awareness course and we have over 10 mental health First-Aiders.; MIGSO-PCUBED services and products are focused on building, maintaining, extending and ensuring the success of cloud-based solutions. These solutions, when deployed successfully, increase the ability of everyone associated with the delivery of a project to work flexibly in terms of both hours and location. This provides the ability for everyone to adapt their working style to fit closer to their ideal work-life balance which contributes to an individual’s wellbeing.

Pricing

• Price: £5 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A free fully functioning trial is available for a period of upto 7 days (extended on request)
• Link to free trial: https://oneplan.ai/trial/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk.info@migso-pcubed.com. Tell them what format you need. It will help if you say what assistive technology you use.