What is OnePlan & How Does it Work?
OnePlan is an Office 365 / Azure app that simplifies portfolio planning, provides top-down resource, financial visibility, and improves tracking of investment performance across programs & portfolios – all within a modern user interface.
High level agile portfolio and strategic planning that makes execution predictable. Make the right data-driven decisions to transform you Portfolio into business results
Simple & Central Way to Capture Proposed Work
High Level Portfolio Planning
Capture All Budget Requests and Manage the Benefits/Expenses Through the Life of the Portfolio
Status Reporting, Built-in Dashboards and Insightful Reports
OnePlan Resource Capacity Planning is designed for managers and teams who are looking for more transparency, clarity, and visibility when planning projects. The Resource Planner provides insight into your project teams availability, as well as making scheduling resources on work a painless task. You no longer need to spend time in spreadsheets – let OnePlan do the work.
Fast, Simple, Visual Resource Capacity Planning for Teams, People, and Equipment
Dynamically Manage Resource Schedules with Drag & Drop
Robust Portfolio Analysis
Visual Reporting & Analytics
OnePlan Financial Planner gives your team the power to integrate financial reporting directly into Office365. OnePlan combines top-down project financials to provide powerful insights and empower decision making. Streamline budgeting, improve estimating, and track the performance of your investments across programs and portfolios to gain full control over your project finances through seamless integration with your project management tool.
Top-Down & Bottoms-Up Project Financials
Visibility Into Project, Program & Portfolio Expenditures
End-to-End Capital Budgeting & Financial Planning
Executive Dashboards & Reports
Technology / Security
OnePlan is a Office 365 / Azure app. The app is installed in your Microsoft work management cloud experience. It uses the standard O365 app model. This means that authentication is all handled through your AD / AAD and follows all of your policies inherently.
The app is hosted in Azure and therefore has high availability and adheres to security best practices and certification requirements. OnePlan allows for tracking more data than what is stored in Office 365 (for example, high level resource planning info) and therefore does store some data. This data is also stored in Azure (Cosmos DB). A “service account” is needed to run the app. The account will need admin access to the work management platform its connected to. The stored account credentials are encrypted using Azure Key Vault. All data is encrypted on transit via SSL using Digicert certificates (TLS 1.2). API keys / token based methods are used instead of user names and passwords where supported.
Azure has a variety of certifications and is very secure. You can access more info here: https://www.microsoft.com/en-us/trustcenter/security/azure-security
For SOC reports use the following link.
We utilize Pentest-Tools.com for network penetration testing our applications to verify there are no unknown risks. We also utilize the Security Code Scan extension for Visual Studio to scan our source code for code level vulnerabilities. We follow OWASP standards. As changes are made to our application and / or network settings, we re-scan to verify no issues have been created. If a issue has been created we will resolve it before pushing it to production. If a issue is found in production, we will resolve it immediately.
Disaster recovery for OnePlan is handled by Microsoft as we use Azure services (not servers) to host OnePlan. On top of what Microsoft does we take nightly backups of all OnePlan data and store it in geo-replicated azure storage for 30 days. This helps in scenarios where data was accidentally deleted or changed, and you need to restore back to a certain point. For more information use the following link.
After any data is deleted, or you cancel your subscription, all of the data will be removed in 30 days (after the daily backups are deleted). Microsoft has policies on handling the actual physical drives that store the data. Those policies can be viewed using the following link.
The below attached file contains more information. It is a filled out CAIQ document (industry standard software security and risk assessment) with answers to common security questions.