Bubble Ltd.

Bubble PPM - Project Portfolio Management Software

Bubble PPM is a powerful project and portfolio management software. Dashboards and metrics provide outstanding visibility and control for senior management, while process models support project governance and team collaboration. A single source of truth for fact-based decision making and project management, it’s highly configurable, quick-to-deploy, easy-to-use and well supported.

Features

• Portfolio Dashboards (Fully configurable to plan / monitor investments)
• Real-time Portfolio Analysis & Scenario Planning Tools
• Critical path analysis
• Supports waterfall and hybrid project management processes
• Business Case, Financial and Risk Management tools
• Project Selection and Prioritisation tools (e.g. Balanced scorecards)
• Project Process Governance and Management
• Fully configurable Metrics (e.g. 1-click Chart builder / Reporting tools)
• Resource, Task & Capacity Management Tools
• Personalised / Team Task Lists, Timesheets, etc.

Benefits

• Better performing portfolios (in both the short and long term)
• Productivity and efficiency gains across all projects
• A flexible and usable system that’s quick to deploy
• Improved visibility and control at both portfolio & project level
• Forecast future resource needs and ensure they are balanced
• Ensure projects align to strategic goals and interdependencies are clear
• Shorten project leadtimes
• Highlight, monitor and manage Project Risks
• Streamlined / simplified reporting at both portfolio & project levels
• Multi user and remote access to aid team collaboration

£25 to £45 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at markillman@bubblegroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

940527158714063

Contact

Mark Illman
01223 852 664
markillman@bubblegroup.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Bubble PPM software has a better than 99.9% availability record, including minimal downtime for scheduled upgrades. Required maintenance slots are typically bug fixes, minor improvements and system enhancements. ; ; Maintenance slots are usually performed outside of client business hours. EU hosted instances are updated between the hours of 06.00 and 08.00am (GMT). ; ; Generally planned maintenance slots require less than a few minutes of downtime per week (clients are advised in advance if outage is anticipated to be longer than 30 minutes).
• System requirements: Modern Web Browser (Chrome, Safari, Firefox etc)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our cloud software includes: User support desk, help site and ticket resolution, and a Personal account contact point (for key stakeholders). Support requests and tickets are monitored continuously (including weekends/public holidays - during which time urgent/critical requests are addressed). Bubble have 4 support level standards for response. Severity 1 incidents are addressed 24 x 7. All other severity incidents are supported 07:00 – 18:00 (GMT) Mon – Friday. During this time, we have a target response time of 1 hour for severity 1-2 incidents, 4 hours for severity 3 incidents, and 1 working day for severity 4 incidents.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: During the deployment phase of our software, the following support is provided as part of the one-time set up fee: ; • Initial system configuration ; • Setting up of the customer data archives ; • System validation ; • Deployment of the customer instances (Production and Test) ; • Initial user training for up to 50 users. ; • Support for initial population of system data.; ; Additional user training, if required, can be organised separately as part of our Lot 3 Bubble PPM Cloud Support services. ; ; Once deployed, the following support is provided as part of the license fee, at no additional cost to the customer: ; • A range of on and off-line training support materials (e.g. Quick Start Guides, Help Sheets and ‘How-To’ Videos) ; • Online help site ; • Live help desk (e.g. direct emails and ‘feedback’ button) ; • All clients have an Account Manager with whom they can address all aspects of the software and service.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Bubble PPM software deployments are performed by our specialist consultants who work with each customer to define a configuration document. Through this process, we identify deployment objectives; process scope; process models; financial models and metrics; training and technical support needs. Each implementation is configured to suit the individual customer's needs, so there is no absolute rule for timings of deployment. However, depending on the degree of configuration required, an initial instance of the Bubble PPM software can be made available to system administrators within 2 weeks of the award of the contract, and a fully configured system is usually ready for deployment within 6-12 weeks. The deployment process focuses the customer’s implementation needs and the formalization of delivery requirements. This commonly includes (remote or in person) workshops to define: - Process models - Roles and responsibilities - Financial models - Resource management - Governance and relevant business processes - Metrics, dashboards, and reports - Interfaces with other processes - Training and roll-out planning. Once the system has been configured we go through a sequence of: - User acceptance testing - Training for users - Training for Administrators/superusers.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Bubble will make all reasonable efforts to provide data in a format that customers require. Our Bubble PPM software has a number of existing API endpoints that can be utilised by 3rd party applications to transfer data to, and read from, the system (e.g. retrieve detailed project and financial data from the system and / or export data to other systems). Almost all data can be accessed via report building function and this can always be exported into Excel.
• End-of-contract process: Upon termination of the Bubble PPM Cloud Software contract, the customer can access: • A secure site to retrieve archive export file of data for 60 days. • Relevant files, logs, configuration data such as: - Database data - Database metadata - Document attachments - Customer specific application archives During this time the Bubble support team remain available remotely to assist with general customer inquiries or questions (at no extra cost). On-site or bespoke requirements (outside the remit of the original contract) incur an additional charge.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Desktop service is usable on mobile devices
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: As an end-to-end Project and Portfolio Management web application, Bubble PPM has multiple service interfaces. The system includes a range of text, data and image based modules/sub-modules.
• Accessibility standards: None or don’t know
• Description of accessibility: Generally speaking all modules (and sub-modules) are broadly accessible, but due to the multifaceted nature of the software, some advanced functions are not compliant with WCAG guidelines.
• Accessibility testing: Have carried out limited selenium tests on main modules within the application.
• API: Yes
• What users can and can't do using the API: We use our API to integrate and interface with a variety of 3rd party tools. Bubble PPM supports API calls for extracting data from its platform using REST API calls. Options are:; ; - Pre-existing REST API; - Webhooks via IpaaS; ; Integrations form part of the Bubble PPM optional Cloud Support services (searchable under Lot 3 - Cloud Support Services)
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Bubble PPM software offers a very high degree of configurability at both the system and individual user levels. This includes, but is not limited to, configurable: • Portfolio & Project Dashboards. • Process Templates. • Planning Tools (i.e. Roadmaps, Scorecards etc). • Charting & Reporting Templates. • Project & Delivery Milestones. • Project Descriptors. • Allocation of Resources / Tasks. In addition, there is a finely grained permissions system that enables the client administrators to control access and functionality levels for every user.

Scaling

• Independence of resources: As a web-based system, Bubble PPM allows simultaneous access, communications, and project progression. There is no upper limit to the total number of users, user types or projects that the software can support at a given point in time. Our AWS hosting enables us to scale our capacity at will.

Analytics

• Service usage metrics: Yes
• Metrics types: The application monitors and logs all user access. System access and service usage metrics are restricted to Super Users / Administrators. Other user types are governed by the Bubble PPM permissions model (e.g. most user types can select a wide range of project and portfolio metrics, such as project progression status, completed tasks & milestones/risk flags and other information). Permission to view metrics data can be granted to users on a per-project basis or by role type.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Bubble PPM data is stored on PostGres database instances provided by AWS Relational Database Service (RDS). These instances are upgraded automatically by RDS when new versions of PostGres are available. Data is encrypted both in transit between the database and application layers and at rest in the database. RDS provides the capability to restore the database to any point in the last 35 days to a 5-second resolution.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be seen live and at all times within the system or exported in a variety of common formats. There are a number of standard project reports available via a 1-click download feature. This includes project-to-a-page, launch / go-live reports, and key milestone reports. The report builder tool also allows users to select any metric, data table or project information to create bespoke tabulated or chart views and reports. Exports are configurable and provide options for numeric, text commentary, status summaries, and RAG indicators etc. Output formats are editable Excel spreadsheets, PPT or PDFs
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • MS Excel (e.g XLS / XLSX)
  • PDF
  • PPT
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • MS Excel (e.g. XLS / XLSX)
  • Images can be uploaded in Tiff, JPEG, PNG formats
  • Attachments can be uploaded in any desired format
  • Manual input to system

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Bubble PPM software has a better than 99.9% availability record, including minimal downtime for scheduled upgrades.
• Approach to resilience: Kubernetes pod rolling restarts on failure, in data centre resiliency to outages. Active / passive cross data centre resiliency is available on request but may incur additional charges.
• Outage reporting: In the unlikely event of a system outage, Bubble have a procedure in place to alert users. Administrators / Super Users and key contacts would be sent an e-mail alert from a recognised contact within the Bubble support team. Bubble's e-mail system resides on servers which are unrelated to our application servers.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Data input is only permitted from authorised users and only authorised users can view system output. Designated system administrators have access to a detailed permissions system which can control user access to both project and system level content.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: Original accreditation date: 16/12/2019. Last audit: October 2021
• What the ISO/IEC 27001 doesn’t cover: All data handling operations at Bubble are covered by our ISO certification (e.g. payroll, application development, data transport security etc).
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Amazon Web Services (AWS) holds ISO 27001 certification.

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: Bubble has written policies (available on request) governing key aspects of information security relevant to the service. They include policies on: • IT Security • Security Awareness and Communication • Logical Access • Physical Access • Security Monitoring • User Authentication • Incident Management • Asset Classification and Management • Systems Development and Maintenance • Personnel Security • Change Management Separate policies cover our development and administration processes, technical infrastructure, networking, application layer frameworks.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Bubble uses SAFe Lean Enterprise 5.0 as its development methodology, with Scrum and Kanban as the day-to-day drivers of agile ceremonies.; ; Specific secure by design attributes include:; • Formally documented data privacy requirements in all work items.; • A secure development training program for all software engineers with annual refreshers, completion of which is evidenced and recorded.; • Integrated data privacy tooling within software engineering development environments.; • Robust mandatory peer review of all code prior to acceptance of a merge request.; ; The version control process is Gitflow operated within a Gitlab repository hosted on the Bubble AWS estate.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Bubble undertake vulnerability scans, keep track of vulnerability announcements and monitor information about potential threats from security mailing lists (e.g. USCERT). Where any potential vulnerabilities are identified, patches are applied as appropriate in a timely manner. Incoming traffic to Bubble PPM is routed through: a) AWS Web Application Firewall which automatically blocks IP addresses making requests at an excessive rate. b) AWS CloudFront which protects internal Bubble PPM components from common forms of DDoS attack such as UDP reflection and SYN floods. c) Nginx which directs traffic to the necessary Bubble PPM component and log unusual requests.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Includes OSSEC HIDS (Host based intrusion Detection System), Trend Micro security suite and Nagios. All services are hosted inside an AWS Virtual Private Cloud (VPC). Traffic between infrastructure components (e.g. database instances) is routed over private network links, not over the Internet, and is encrypted where appropriate. Routing tables are configured to prevent inappropriate data egress and connections to internal Bubble PPM components. All traffic is encrypted using SSL/TLS encryption and modern cipher suites to prevent common SSL attacks such as POODLE. The same encryption technologies are used to protect traffic between Bubble PPM and its users.
• Incident management type: Supplier-defined controls
• Incident management approach: Data can only be viewed by authorised users. Unauthorised access attempts result in an account being locked until an administrator confirms the user’s identity/resets access. Security Groups, which block/allow traffic based on originating/destination IP and port, provide additional protection. In the unlikely event of an incident or breach, notifications are sent to administrators (by OSSEC) for investigation. E-mails are sent to affected users and communications continue until the issue is resolved. System data is secured against accidental/intentional loss. The feedback system allows users to communicate concerns at any time.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  - Influence staff, suppliers, customers and communities through the delivery of the contract to support environmental protection and improvement.
• Covid-19 recovery:

  Covid-19 recovery

  - Support organisations and businesses to manage and recover from the impacts of COVID-19, including where new ways of working are needed to deliver services.; ; - Improve workplace conditions that support the COVID-19 recovery effort including effective social distancing, remote working, and sustainable travel solutions.
• Tackling economic inequality:

  Tackling economic inequality

  - Support innovation and disruptive technologies throughout the supply chain to deliver lower cost and/or higher quality goods and services.; ; - Support the development of scalable and future-proofed new methods to modernise delivery and increase productivity.
• Equal opportunity:

  Equal opportunity

  - Influence staff, suppliers, customers and communities through the delivery of the contract to support disabled people.; ; - Demonstrate action to identify and manage the risks of modern slavery in the delivery of the contract, including in the supply chain.
• Wellbeing:

  Wellbeing

  - Influence staff, suppliers, customers and communities through the delivery of the contract to support health and wellbeing, including physical and mental health.

Pricing

• Price: £25 to £45 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Limited trial access is available on a case by case basis (where requested). We also provide in-person extended/rich demo's that cover specific modules or the software as a whole.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at markillman@bubblegroup.com. Tell them what format you need. It will help if you say what assistive technology you use.