Microsoft Project Online retires September 30, 2026. Migrate to a modern platform before it's too late.
ENTERPRISE+ feature — built for regulated PMOs

Enterprise project governance

Twelve-stage proposal pipeline with multi-reviewer gates, weighted evaluation criteria, Change Control Board workflow, and an audit trail that holds up under SOX, HIPAA, and federal review. Built for the PMOs that actually need governance, not the ones that think they do.

The 12-stage pipeline

Every proposal moves through a canonical state machine. Sponsors see where they are; reviewers see what's pending; PMOs get a defensible audit trail.

  1. Draft

    Sponsor captures the initial idea — title, business case stub, rough estimate. Visible to sponsor only.

  2. Submitted

    Sponsor submits for first-pass triage. Auto-routes to PMO inbox.

  3. Initial Review

    PMO reviewer triages: in-scope, deferred, or rejected. Reviewer panel configurable per gate.

  4. Assessment

    Cross-functional review (security, finance, ops). Multi-reviewer gate with quorum logic.

  5. Business Case Review

    Sponsor returns with full business case. Weighted-scoring evaluation criteria per gate.

  6. Plan Review

    Detailed delivery plan: schedule, resource allocation, risk register. Final pre-execution gate.

  7. Approved

    Pipeline → execution handoff. Auto-creates the project from the proposal.

  8. In Execution

    Active delivery. Project is now visible on portfolio dashboards.

  9. On Hold

    Temporary pause; restored to previous stage on unhold.

  10. Cancelled

    Closed before execution. Audit trail preserved for retrospective.

  11. Completed

    Delivered. Lessons-learned + benefits-realisation review.

  12. Rejected

    Did not pass a gate. Reason and reviewer recorded for transparency.

Six governance capabilities

Specific, scoped, audit-friendly. No "configurable workflows" hand-waving.

Multi-reviewer gates with quorum

Designate per-gate reviewer panels (PROPOSAL_REVIEW, BUSINESS_CASE_REVIEW, PLAN_REVIEW). Auto-creates ProposalGateApproval rows on review-stage entry. Quorum logic: any single rejection rejects the proposal; all approvals advance it; otherwise stays pending.

Per-gate evaluation criteria

Configure weighted scoring criteria per gate: strategic fit, business value, risk profile, resource availability. Org-scoped overrides on top of global defaults. Reviewers score each criterion; the platform computes the weighted total.

Role-based reviewer access

Designated MEMBER-role gate reviewers can submit reviews even without org-level governance permission, scoped to specific gates. Removes the "give everyone admin so they can review proposals" anti-pattern.

Change Control Board (CCB)

Formal scope/schedule/budget change request workflow per project. CRs go through review with designated CCB members, status tracking (DRAFT → SUBMITTED → UNDER_REVIEW → APPROVED/REJECTED → IMPLEMENTED). Audit trail preserved.

On-hold preservation

Putting a proposal on hold preserves the previous stage. Unhold restores it — not a hard-coded fallback to SUBMITTED. Important for regulated industries where stage transitions must be reversible without losing context.

Sponsor notifications + audit

Sponsors notified on every gate decision, stage transition, and auto-project creation. Every transition writes an AuditLog row with actor, timestamp, before/after state, and details. AuditLog retention follows the per-org RetentionPolicy.

Regulated-industry posture

Three contexts where the governance + audit + retention stack actually has to hold up.

Finance / SOX

Stage transitions are auditable with before-and-after diffs. Multi-reviewer gates enforce segregation of duties. CCB workflow gives a defensible change-control trail. Audit retention configurable to 7+ years on ENTERPRISE+.

Healthcare / HIPAA

Per-tenant data isolation. Audit log captures every access to PHI-adjacent records. Designated reviewer access means clinical staff can review without becoming admins (and gaining broader access).

Federal PMOs / FedRAMP-style

Self-host on ENTERPRISE_PLUS for sensitive workloads. Audit log + SCIM provisioning + IP allowlist + SAML SSO meet typical federal evidence requirements. Customer-managed encryption keys (CMK) available at the highest tier.

Onplana ships SOC 2 Type II controls today; formal third-party audit in progress. SOC 2 certification status, retention configurations, and per-tier feature flags are documented in /security.

Migrating Project Online governance?

Project Online retires September 30, 2026 — taking SharePoint workflow-based governance with it. Onplana's 12-stage pipeline + CCB workflow is the closest direct replacement for organisations running formal proposal-to-project governance. Migration imports existing in-flight projects; new proposals enter the pipeline at Draft.

Frequently asked questions

What plan tier do I need for the 12-stage pipeline?
ENTERPRISE plan minimum. Governance is the most capability-heavy feature in Onplana — it's not a starter capability. Mid-tier plans (PRO, BUSINESS) get the proposal model itself but not the full 12-stage workflow with multi-reviewer gates and audit trail. ENTERPRISE_PLUS adds customer-managed keys and self-host options on top.
Can I customise the 12 stages or the gate criteria?
The 12 stages are fixed (DRAFT through REJECTED) — they're the canonical state machine. Within those stages: per-gate evaluation criteria are fully configurable per org, and per-gate reviewer panels are configurable. The CCB workflow has its own DRAFT → SUBMITTED → ... state machine that's separately configurable. The structure is opinionated; the contents are yours.
How does multi-reviewer quorum logic actually work?
On entry to a review stage, ProposalGateApproval rows are auto-created — one per designated reviewer. Each reviewer submits an APPROVED or REJECTED decision. Logic: (1) any single REJECTED → proposal rejected; (2) all APPROVED → proposal advances; (3) otherwise → stays at current stage with quorumPending: true in the API response. Reviewers can change their mind before quorum is reached.
Does the audit log capture enough for SOX / HIPAA?
Yes for SOX and most HIPAA contexts, with caveats. Onplana writes AuditLog rows on every governance state transition with actor identity, timestamp, before/after diff, and request method/path. Retention follows the per-org RetentionPolicy (presets: STANDARD / GDPR / HIPAA / FINRA / SOC 2 / CUSTOM). For regulated workloads we recommend the HIPAA preset (6 years user, forever org, forever audit) and ENTERPRISE_PLUS self-host.
Can governance and CCB run on the same project?
Yes — they're separate workflows with separate state machines. Governance gates new proposals from idea to project creation. CCB handles changes to in-flight projects (scope, schedule, budget). Both write to the audit log, both have designated reviewer panels, both are gated to ENTERPRISE+.
How is "designated reviewer" different from "ADMIN role"?
Pre-2026 Onplana required org-level governance permission to submit gate reviews — typically MANAGER or ADMIN role. That bundled too much: clinical reviewers, finance reviewers, and security reviewers don't need broader admin access. Designated reviewers fix this: a MEMBER-role user can be designated for specific gates and submit reviews scoped to those gates only, without becoming an org admin. Least-privilege governance.
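
The quorum rules, gate-scoped designated reviewers and on-hold preservation described on this page, worked through as an added Python example; it is not Onplana's code. The `Proposal` class, the function names and upper-case stage strings such as `ON_HOLD` are assumptions; the three quorum rules and the `quorumPending` field come from the FAQ answers above.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class Proposal:                                    # hypothetical model, not the product's
    stage: str = "SUBMITTED"
    approvals: dict = field(default_factory=dict)  # reviewer -> decision, one row each
    held_from: str = ""                            # stage remembered while ON_HOLD
    audit: list = field(default_factory=list)      # append-only AuditLog stand-in

def _transition(p, actor, new_stage, details):
    # Every stage change records actor, timestamp, before/after state and details.
    p.audit.append({"actor": actor, "at": datetime.now(timezone.utc).isoformat(),
                    "before": p.stage, "after": new_stage, "details": details})
    p.stage = new_stage

def enter_gate(p, actor, stage, reviewers):
    _transition(p, actor, stage, "gate opened")
    p.approvals = {r: "PENDING" for r in reviewers}  # rows auto-created on stage entry

def quorum(approvals):
    decisions = set(approvals.values())
    if "REJECTED" in decisions:
        return "REJECTED"                 # rule 1: any single rejection rejects
    if decisions == {"APPROVED"}:
        return "APPROVED"                 # rule 2: every reviewer approved
    return "PENDING"                      # rule 3: otherwise stay (empty panel too)

def submit_review(p, reviewer, decision, next_stage):
    if reviewer not in p.approvals:       # only reviewers designated for this gate
        raise PermissionError(f"{reviewer} is not designated for {p.stage}")
    if decision not in ("APPROVED", "REJECTED"):
        raise ValueError(decision)
    if p.stage == "ON_HOLD" or quorum(p.approvals) != "PENDING":
        raise RuntimeError("gate is not open for review")
    p.approvals[reviewer] = decision      # a reviewer may change it before quorum
    outcome = quorum(p.approvals)
    if outcome == "REJECTED":
        _transition(p, reviewer, "REJECTED", "rejected at gate")
    elif outcome == "APPROVED":
        _transition(p, reviewer, next_stage, "quorum reached")
    return {"stage": p.stage, "quorumPending": outcome == "PENDING"}

def hold(p, actor):
    p.held_from = p.stage                 # remember where the proposal was
    _transition(p, actor, "ON_HOLD", f"held from {p.held_from}")

def unhold(p, actor):
    _transition(p, actor, p.held_from, "restored previous stage")
    p.held_from = ""
```

An empty reviewer panel evaluates to `PENDING` rather than approving vacuously, and reviews submitted while the proposal is on hold or after quorum is reached are refused, so the audit list contains only transitions that a designated reviewer or the holding actor caused.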

Talk to us about ENTERPRISE governance

ENTERPRISE plan + walkthrough. We'll map your current governance model to the 12-stage pipeline before you commit.