Microsoft SharePoint Electronic Document and Records Management (EDRM)
TSG have successful experience delivering EDRM projects using Microsoft SharePoint. Electronic document and records management solutions are designed to store documents & records using associated metadata, which is then categorised within a classification scheme and enabled for search optimisation for all users to retrieve records.
- Enterprise level Document & Records management solution
- Enterprise level search functionality
- Enterprise Content Management & Information Governance
- Integration with Office, Exchange, AD and line of business applications
- Ongoing support of the delivered solution
- Sector specific EDRM for Housing Providers
- Aligns to information management policies and principles
- Mobile and Offline Working
- Migration from legacy systems
- Evergreen platform using Microsoft Office 365
- Proven track record delivering successful EDRM projects
- Experts in supporting Housing Associations and Local Authority Housing Providers
- Flexible project delivery
- Secure, cloud-based service with robust access management control
- Scale licenses up/down
- Enabalise use of other Office 365 tools ie PowerApps, Flow
- Remove cost of legacy applications and utilise existing O365 licenses
- 9 x MS Gold accreditations
- Skills transfer to internal staff including training and project management
- Consistent and measurable improvement in everyday business processes
£950 to £950 per unit per day
- Education pricing available
TECHNOLOGY SERVICES GROUP
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
May need O365 licences, anti-virus software & back up to be in place if company doesn't already have Office 365.
Reliable Internet connection must be in place
Devices meet the minimum system requirements for the product
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Priority 1 - 30 mins - P1 = Critical issue affecting multiple users
Priority 2 - 1Hr - P2 = Critical issue affecting single user
Priority 3 - 4 Hours = P3 = Minor issue affecting one or more users. Priority 4 - 1 day
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Onsite support|
TSG provide System Care support for EDRM projects built in SharePoint on-line. Contracts are built on a number of hours support to be used over the contract period.
These hours can be used on the support desk to cover telephone, remote support and on-site consultancy where required. (A lead time may be experienced for requested consultancy)
Support is delivered by our dedicated Office 365/SP team.
Our clients also have access to a dedicated technical account manager
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||TSG provide full project delivery from initial discovery sessions, scope of works, set up, data import, configuration, training, go-live assistance and project management. Generally all training is delivered on site although remote sessions can be arranged where appropriate.|
|End-of-contract data extraction||
O365 licenses re-occur until cancelled, should a contract be cancelled and data extraction required this will be assessed on a case by case basis and a methodology agreed and any related costs provided.
A case can be logged and a copy of the database downloaded.
|End-of-contract process||O365 licenses renew unless cancelled, end of contract scenarios can be discussed and agreed on a case by case basis, access to the service will be lost at the end of a contract unless renewed, after a period of time the data will be deleted.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
Screens will render to provide device friendly views with a fully responsive interface.
There is parity of functionality and service between mobile and desktop.
|What users can and can't do using the API||
As our EDRM solution is built upon SharePoint in Office 365 API provision is via Microsoft service.
More information can be found here: https://docs.microsoft.com/en-us/graph/overview
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
Customisations can be made using the Microsoft API's, more information can be found here:
|Independence of resources||We leverage Microsoft Online Services which in turn utilises various Cloud Scale techniques and technologies, to ensure multi-tenant services are not affected in terms of peak usage. More information on request.|
|Service usage metrics||Yes|
|Metrics types||Office 365 has in-built usage reports. More information available on request.|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||MS Gold partner reselling Microsoft licensing & professional services|
|Staff security clearance||Staff screening not performed|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||Never|
|Protecting data at rest||Other|
|Other data at rest protection approach||Microsoft SQL Server transparent data encryption (TDE)|
|Data sanitisation process||No|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Users can extract data using various techniques including integration with Office clients and Microsoft API's. More information available on request.|
|Data export formats||
|Other data export formats||Excel|
|Data import formats||
|Other data import formats||Excel|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||
|Other protection within supplier network||Encrypted at rest with SQL encryption using a customer controlled encryption key.|
Availability and resilience
MS Monthly Service Levels:
1. The Service Level is 99.9%.
2. The Monthly Uptime Percentage is calculated for a given calendar month using the following formula:
Monthly Uptime Percentage = Total number of minutes in a given calendar month minus Total number of minutes of Downtime in a given calendar month.
More information available on request.
|Approach to resilience||Microsoft Azure environment, further information on request|
|Outage reporting||Hosting is on Microsoft Azure, further information available on request|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Access is permission driven and data access is controlled in the same way|
|Access restriction testing frequency||Less than once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||https://www.microsoft.com/en-us/trustcenter/compliance/iso-iec-27001|
|ISO/IEC 27001 accreditation date||26.02.18|
|What the ISO/IEC 27001 doesn’t cover||N/a|
|ISO 28000:2007 certification||No|
|CSA STAR certification||Yes|
|CSA STAR accreditation date||06.04.16|
|CSA STAR certification level||Level 1: CSA STAR Self-Assessment|
|What the CSA STAR doesn’t cover||https://www.microsoft.com/en-us/trustcenter/compliance/uk-g-cloud|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||TSG have internal controls in place to ensure security governance, departmental access, device encryption policies, password policies, conditional access policies all form part of this.|
|Information security policies and processes||
TSG follow our own Information Security policy, more info available on request.
Ultimate responsibility for ensuring Information Security rests with TSG’s Senior Management Team. They are responsible for ensuring a culture where Information Security is taken seriously by all employees and third parties acting on behalf of TSG.
Responsibility for securing specific IT systems rests with the Head of IT, the Group Applications Director and the Service Delivery Director depending whether the systems are internal to TSG or are hosted on behalf of a customer.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
The components of services are tracked through their lifetime
Services are defined in conjunction with customer requirements at the point of initial engagement and as part of the onboarding process. During this definition of service, change management and service lifecycle management processes are designed around customer requirements and specific service needs.
Changes are assessed for potential security impact
All service changes are evaluated by a technical resource with focus on service performance, availability and security impacts.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Annual penetration tests carried out by a verified tester.
We have an industry std Anti-Virus package deployed, utilise std tools such as threat management tools, anti ransomware etc.
TSG also have a documented Disaster recovery policy.
Patches are deployed weekly to end user devices/servers after been through internal testing.
TSG have bespoke reporting and management software to assist in identifying potential threats.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
All devices have a monitoring agent on them which can identify potential issues and report back to our service desk.
If an issue is identified we have an internal 4HR SLA to ensure remedial actions are carried asap, the seriousness of an incident will be assessed on discovery so that any priority issues can be responded to quickly. The internal SLA on a P1 is 30 minutes.
|Incident management type||Supplier-defined controls|
|Incident management approach||
TSG have a pre-defined incident process for common events.
Users can report incidents via the Support desk.
Incident reports are also provided via Support desk and/or Account management team.
The benefits of a robust Incident Management process include:
• Higher end user satisfaction through improved resolution time and quality of services.
• Better performance against agreed service levels through higher service availability.
• Higher efficiency and productivity for the customer due to fewer hours lost to interruptions to IT service.
• Better alignment and collaboration between internal TSG departments.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£950 to £950 per unit per day|
|Discount for educational organisations||Yes|
|Free trial available||No|