Turner & Townsend Project Management Limited

The Hive

The Hive is our project intelligence platform, which captures all project data in one location, providing a single version of truth for referral and analysis.

The Hive software hosts a series of intelligent apps, which will be made available by Turner & Townsend to use via a Software-as-a-Service (SaaS) offer.

Features

• Generating detailed costs estimates based on user data
• Comparing project scenarios with data adjusted for various factors
• Sharing and exporting analyses generated by the software
• Producing comparative analyses of historical project costs
• Providing a single centralised location for project and cost data
• Generating reports across apps, recorded centrally and auditable
• Statistical analysis of datasets, including ability to manipulate set
• Adoption and onboarding, maintenance and ongoing support

Benefits

• Provides bespoke estimates allowing for changing user specifications
• Automatically provides insights while accounting for changing economic factors
• Produces clear and visually appealing reporting and graphics
• Able to use very large datasets to generate insights
• Allows user to sort through data with custom parameters
• Centralised location for all company project and cost data
• Greater cost certainty when building estimates
• Smooth transition and adoption of software as part of service

£5,000 to £25,000 a licence a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at edward.linford@turntown.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

969773053911665

Contact

Edward Linford
07535698416
edward.linford@turntown.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Our service is configurable to each Client's capital projects data structures. The development of bespoke features or functionality would need to be engaged via a separate engagement.
• System requirements:
  • You can access by entering your company Hive URL
  • The Hive supports the latest generation of web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within one business day.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: No
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Onsite support for workshops and training or liaison on client cost breakdown structures, input parameters and the Hive software configuration are included as part of our service. Any extended placement or extensive Client-site visits would require a separate engagement.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our Hive Digital Team will engage users along the entire onboarding process, from workshops to understand Client cost breakdown structures and specific inputs and parameters that are useful and continued liaison across the entire design process. Once this is understood, a Client environment is launched, configured to those requirements and user guides provided. Onboarding involves training, and User Acceptance Testing is engaged across the entire launch process.; ; Once the Hive platform is launched, the Hive Digital Team are available for ongoing support and will provide any maintenance required. Quarterly workshops are engaged with all Clients to help to direct continuous improvement direction.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Freshdesk (online knowledge base)
• End-of-contract data extraction: On termination of the Agreement, Clients can request the most recent back-up of data. This will be provided with flat files in .csv format of the data that they have inputted into the Apps as well as the associated images uploaded. Any information that is provided by a third-party API (e.g. organisation information provided by the D&B database) will not be included in the download.
• End-of-contract process: As described in the T&T Digital IAM policy doc, the onboarding and offboarding processes are well integrated. Accounts are disabled as soon as contracts are terminated, which the technology implements with immediate effect or within a few minutes. User bindings to systems and applications are revoked and the accounts deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Responsive design in browser with no separate mobile app, software is scaled.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Landing page with custom client-tailored colour scheme, logo and font. From there, various apps can be launched, depending on client's subscription package.
• Accessibility standards: None or don’t know
• Description of accessibility: For our commitment to ongoing accessibility improvements, we adopt best practices for regular testing of our accessibility scoring, running ‘Lighthouse’, Google’s open source tool that sets the standard for driving accessibility across the internet. The Lighthouse Accessibility score is a weighted average of all accessibility audits. Weighting is based on axe user impact assessments. We have plans to integrate Lighthouse into our automated software delivery pipelines, to test all new features for their accessibility before release. Any improvements are developed with accessibility specifically in mind. We always use the most up-to-date web application framework versions, and their accessibility best-practice features.
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: An API can be enlisted via a separate engagement depending on the structure of Client design and their requirements. Our API can expose some of the calls that the applications make. As an example, for our Parametric Modelling app, the API works by sending a request over the internet to the Turner & Townsend cloud platform, which contains details of the overall scheme, as well as the individual buildings. The API returns a response which contains the cost of the scheme in its entirety, and for each building, as well as details of the precision and exclusions. The API calculates the cost data using a range of formulas and look-up values (termed as constants), that represent our parametric cost modelling methodology for such a scheme.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Each Hive environment is branded to the custom client-tailored colour scheme, logo and font and configured with the Client cost breakdown structure and the specific inputs and parameters that are useful, will drive value and provide insight.; ; Cost data is entered in the Client cost breakdown structure.; Project data is configured to the specific inputs that Client tracks and the environment can therefore deliver value in a way that is immediately useful.; ; Bespoke features and functionality requested outside the regular continuous improvement of the product will require a separate engagement.

Scaling

• Independence of resources: Each customer has their own segregated environment. We utilise autoscaling and load-balancing on our APIs to ensure they scale based on current request volume.

Analytics

• Service usage metrics: Yes
• Metrics types: T&T Digital collect metrics and logs for all relevant cloud components and aggregates these in a centralised logging platform.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: On termination of the Agreement or at any time during our service, Clients can request the most recent back-up of data. This will be provided with flat files in .csv format of the data that they have inputted into the Apps as well as the associated images uploaded. Any information that is provided by a third-party API (e.g. organisation information provided by the Dun &Bradstreet API integration) will not be included in the download.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: Manual entry of project data in to the application interface

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: No guaranteed availability but best endeavours 100% uptime.
• Approach to resilience: We have adopted the UK Government National Cyber Security Centre's (NCSC) Cloud Security Principles as a framework for ensuring a structured approach to protecting customer data and designing systems and services.
• Outage reporting: We report all outages using an internal template which are provided to all stakeholders of the application.

Identity and authentication

• User authentication needed: Yes
• User authentication: Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Authorisation and access control is to be based on role and must be preceded by authentication of a unique identity. We monitor and log all privileged access. Access to, and use of, audit tools that interact with T&T Digital systems is appropriately segregated and access restricted to prevent inappropriate disclosure and tampering of log data.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: CSA CCM version 3.0
• Information security policies and processes: T&T Digital has established formal policies for all personnel about Security, Secure Development, IAM, Incident Response and Acceptable Use providing guidelines necessary to support our services.; ; Identity and Access Management Policy; Incident Response Policy; Information Security Policy; Privacy Policy; Security Policy

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The team follows modern Continuous Delivery practices to get changes of all types—including new features, configuration changes and bug fixes into production, or into the hands of users, safely and quickly in a sustainable way. Policies and procedures are established, and supporting business processes and technical measures implemented, to restrict the installation of unauthorized software changes on organizationally-owned cloud based infrastructure and systems components. A significant number of tools are used throughout the SDLC to achieve this.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We review our applications for security vulnerabilities and address any issues prior to deployment to production. T&T Digital has implemented a vulnerability management program to detect and remediate application vulnerabilities.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our logging and monitoring framework allow isolation of an incident to specific tenants. T&T Digital collect metrics and logs for all relevant cloud components and aggregates these in a centralised logging platform with SIEM capabilities.; ; The project director will be responsible for reporting security incidents to the Turner & Townsend Global IT Director and the client, if security incidents are linked to their data.; ; Incident response procedures include responding to the incident and co-ordinating the effort to address the issue. A review of the incident occurs and remedial actions are carried out. All investigations are undertaken in a timely manner.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Security incidents are covered in T&T Digital's Incident Management policy. The incident response plans are tested regularly and at least on an annual basis. Users can report incidents via our support channels, either via email or via the Freshdesk support platform accessible via the Hive web interface. We make security incident information available to all affected customers and providers periodically through electronic methods.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  We put people at the heart of everything we do and are committed to upholding and providing Equal Opportunities to all irrespective of protected characteristic throughout our organisation.; ; We meet the requirements of the equality duty in the following ways:; ; - Communicating our Equality, Diversity & Inclusion (EDI) strategy through the implementation of an EDI roadmap which clearly sets out for our employees the actions we have or will be undertaking to create an environment where all our people can succeed.; ; - Fostering good relationships with our employee network groups so we can gain valuable characteristic-specific insight, feedback and suggestions on how our strategy needs to evolve.; ; - Partnering with Women Returners providing access to job opportunities to those who have been out of work for 2 years or longer through our career returners’ programme.; ; - Setting targets for underrepresented groups, for example we have set a target of 40:60 female to male ratio across our global workforce by 2025.; ; - Publishing a comprehensive report each year to accompany our gender pay gap results, outlining the actions being taken to close the pay gap; since 2017 there has been a 11.3% reduction in their bonus gap. Further, the number of females in our top quartile of pay has increased by 1.5%.; ; - Running awareness campaigns on matters such as mental health and inclusion.; ; - Targeting schools in areas of depravity in the cities we work in through our school programme, which at primary school level focuses on inspiring and encouraging children to read. In addition, we also fund some breakfast clubs to enable children to have a good start to the day.; ; - Corporate members of Employers Network for Equality and Inclusion which allows us to access and share best practice on EDI.

Pricing

• Price: £5,000 to £25,000 a licence a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A pilot can be provided on a case by case basis, depending on scope and for a limited time. A Hive environment will contain agreed applications, configured to Client capital project structures, colour scheme, logo and font, and will be accessible to nominated users for an agreed period of time.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at edward.linford@turntown.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.