Microsoft SharePoint Electronic Document and Records Management (EDRM)

TSG have successful experience delivering EDRM projects using Microsoft SharePoint. Electronic document and records management solutions are designed to store documents & records using associated metadata, which is then categorised within a classification scheme and enabled for search optimisation for all users to retrieve records.


  • Enterprise level Document & Records management solution
  • Enterprise level search functionality
  • Enterprise Content Management & Information Governance
  • Integration with Office, Exchange, AD and line of business applications
  • Ongoing support of the delivered solution
  • Sector specific EDRM for Housing Providers
  • Aligns to information management policies and principles
  • Mobile and Offline Working
  • Migration from legacy systems
  • Evergreen platform using Microsoft Office 365


  • Proven track record delivering successful EDRM projects
  • Experts in supporting Housing Associations and Local Authority Housing Providers
  • Flexible project delivery
  • Secure, cloud-based service with robust access management control
  • Scale licenses up/down
  • Enabalise use of other Office 365 tools ie PowerApps, Flow
  • Remove cost of legacy applications and utilise existing O365 licenses
  • 9 x MS Gold accreditations
  • Skills transfer to internal staff including training and project management
  • Consistent and measurable improvement in everyday business processes


£950 to £950 per unit per day

  • Education pricing available

Service documents


G-Cloud 11

Service ID

1 0 3 8 2 4 1 6 9 6 8 3 0 0 0



Marketing Team


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints May need O365 licences, anti-virus software & back up to be in place if company doesn't already have Office 365.
Reliable Internet connection must be in place
Devices meet the minimum system requirements for the product
System requirements
  • Internet Explorer, Edge, Mozilla Firefox, Google Chrome or Apple Safari
  • Office 365 Licenses
  • Internet access
  • Anti-Virus and Back up

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Priority 1 - 30 mins - P1 = Critical issue affecting multiple users
Priority 2 - 1Hr - P2 = Critical issue affecting single user
Priority 3 - 4 Hours = P3 = Minor issue affecting one or more users. Priority 4 - 1 day
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels TSG provide System Care support for EDRM projects built in SharePoint on-line. Contracts are built on a number of hours support to be used over the contract period.
These hours can be used on the support desk to cover telephone, remote support and on-site consultancy where required. (A lead time may be experienced for requested consultancy)
Support is delivered by our dedicated Office 365/SP team.
Our clients also have access to a dedicated technical account manager
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started TSG provide full project delivery from initial discovery sessions, scope of works, set up, data import, configuration, training, go-live assistance and project management. Generally all training is delivered on site although remote sessions can be arranged where appropriate.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction O365 licenses re-occur until cancelled, should a contract be cancelled and data extraction required this will be assessed on a case by case basis and a methodology agreed and any related costs provided.
A case can be logged and a copy of the database downloaded.
End-of-contract process O365 licenses renew unless cancelled, end of contract scenarios can be discussed and agreed on a case by case basis, access to the service will be lost at the end of a contract unless renewed, after a period of time the data will be deleted.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Screens will render to provide device friendly views with a fully responsive interface.
There is parity of functionality and service between mobile and desktop.
Service interface No
What users can and can't do using the API As our EDRM solution is built upon SharePoint in Office 365 API provision is via Microsoft service.
More information can be found here:
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Customisations can be made using the Microsoft API's, more information can be found here:


Independence of resources We leverage Microsoft Online Services which in turn utilises various Cloud Scale techniques and technologies, to ensure multi-tenant services are not affected in terms of peak usage. More information on request.


Service usage metrics Yes
Metrics types Office 365 has in-built usage reports. More information available on request.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type Reseller providing extra features and support
Organisation whose services are being resold MS Gold partner reselling Microsoft licensing & professional services

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency Never
Protecting data at rest Other
Other data at rest protection approach Microsoft SQL Server transparent data encryption (TDE)
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users can extract data using various techniques including integration with Office clients and Microsoft API's. More information available on request.
Data export formats
  • CSV
  • Other
Other data export formats Excel
Data import formats
  • CSV
  • Other
Other data import formats Excel

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network Encrypted at rest with SQL encryption using a customer controlled encryption key.

Availability and resilience

Availability and resilience
Guaranteed availability MS Monthly Service Levels:
1. The Service Level is 99.9%.
2. The Monthly Uptime Percentage is calculated for a given calendar month using the following formula:

Monthly Uptime Percentage = Total number of minutes in a given calendar month minus Total number of minutes of Downtime in a given calendar month.

More information available on request.
Approach to resilience Microsoft Azure environment, further information on request
Outage reporting Hosting is on Microsoft Azure, further information available on request

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Access is permission driven and data access is controlled in the same way
Access restriction testing frequency Less than once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date 26.02.18
What the ISO/IEC 27001 doesn’t cover N/a
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 06.04.16
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach TSG have internal controls in place to ensure security governance, departmental access, device encryption policies, password policies, conditional access policies all form part of this.
Information security policies and processes TSG follow our own Information Security policy, more info available on request.
Ultimate responsibility for ensuring Information Security rests with TSG’s Senior Management Team. They are responsible for ensuring a culture where Information Security is taken seriously by all employees and third parties acting on behalf of TSG.

Responsibility for securing specific IT systems rests with the Head of IT, the Group Applications Director and the Service Delivery Director depending whether the systems are internal to TSG or are hosted on behalf of a customer.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The components of services are tracked through their lifetime
Services are defined in conjunction with customer requirements at the point of initial engagement and as part of the onboarding process. During this definition of service, change management and service lifecycle management processes are designed around customer requirements and specific service needs.

Changes are assessed for potential security impact
All service changes are evaluated by a technical resource with focus on service performance, availability and security impacts.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Annual penetration tests carried out by a verified tester.
We have an industry std Anti-Virus package deployed, utilise std tools such as threat management tools, anti ransomware etc.
TSG also have a documented Disaster recovery policy.
Patches are deployed weekly to end user devices/servers after been through internal testing.
TSG have bespoke reporting and management software to assist in identifying potential threats.
Protective monitoring type Supplier-defined controls
Protective monitoring approach All devices have a monitoring agent on them which can identify potential issues and report back to our service desk.
If an issue is identified we have an internal 4HR SLA to ensure remedial actions are carried asap, the seriousness of an incident will be assessed on discovery so that any priority issues can be responded to quickly. The internal SLA on a P1 is 30 minutes.
Incident management type Supplier-defined controls
Incident management approach TSG have a pre-defined incident process for common events.
Users can report incidents via the Support desk.
Incident reports are also provided via Support desk and/or Account management team.

The benefits of a robust Incident Management process include:
• Higher end user satisfaction through improved resolution time and quality of services.
• Better performance against agreed service levels through higher service availability.
• Higher efficiency and productivity for the customer due to fewer hours lost to interruptions to IT service.
• Better alignment and collaboration between internal TSG departments.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £950 to £950 per unit per day
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑