Jisc Services Ltd

Managed Office 365

Microsoft Office 365 provides a suite of flexible and familiar tools for collaboration across teams, devices, and platforms. The Jisc Managed Office 365 service has been designed for organisations who wish to take advantage of the benefits offered by Office 365 without the need to directly manage the environment themselves.

Features

  • Best-in-class technology advice, engineering and support
  • Full management of your Microsoft Office 365 environment
  • User administration including Office 365 Exchange groups and SharePoint sites
  • Expert support and guidance via telephone and email
  • Predictable monthly spend with full visibility of Office 365 utilisation
  • Elastically flex Office 365 licensing according to needs and demand
  • Office 365 SaaS approved for use at OFFICIAL
  • Easily access Microsoft Office 365 from multiple devices and locations
  • Unified communications with Skype for Business, integration with Active Directory
  • Microsoft Cloud Solution Provider, Microsoft Gold Hosting Partner

Benefits

  • Expert ITIL aligned management of your Office 365 business applications
  • Boost productivity with familiar Microsoft Office 365 applications
  • Improve teamwork and collaboration with Microsoft SharePoint, Yammer and Teams
  • Increase flexibility with always-on access to Office 365 from anywhere
  • Easy integration with existing services such as Microsoft Active Directory
  • Enable unified communications and mobile device management
  • Trusted technology advisor and ally of the public sector
  • Aligned values and knowledge transfer at every step
  • Transform the way you work with Microsoft Office 365 applications
  • Anywhere, anytime, flexible working with Microsoft Office 365 applications

Pricing

£8.00 to £35.00 per user per month

Service documents

Framework

G-Cloud 11

Service ID

1 3 5 9 4 5 6 6 7 9 8 9 5 8 0

Contact

Jisc Services Ltd

Jisc helpdesk

03003002212

help@jisc.ac.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
None
System requirements
Any current web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
8 hours
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
No
Support levels
We provide two different support levels, Standard and Premium. For details and costs, please see the service definition and pricing documents in our listing. All our managed services are supported by a team of cloud support engineers, backed up by specialist subject matter experts covering fields including networking, security and applications.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
An Office 365 specialist will work with you to understand the scope and nature of the required services, including: the deployment process, any integration requirements of legacy services/applications, end users, segmentation and associated security profiles. Details include agreeing reporting requirements and scheduling, formats and transportation. This will normally take place prior to contract award. We will provide User Guides, both online and in crib card format as part of user activation. Onsite training can also be provided as an additional charged item.
Service documentation
No
End-of-contract data extraction
Details of how to extract data from Office 365 can be found here https://products.office.com/en-us/business/office-365-online-data-portability
End-of-contract process
A termination plan will be produced and agreed with you. A generic termination plan is available, on request, and this will be tailored to reflect appropriate roles and responsibilities. Production of this tailored plan is included within the service price.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
If you're using at least iOS 10.0 we recommend using the Office for iPad apps instead. You'll find them in the Apple app store. If you're using an older version of iOS then Safari is the best browser for Office Online on iPads, but some features may not be available. There are currently no browsers on Android that are officially supported with Office Online. We recommend using the Office for Android apps instead. You'll find them in the Google Play store.
Service interface
Yes
Description of service interface
All features of the service are available through the service interface.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
N/A
API
Yes
What users can and can't do using the API
Please see https://msdn.microsoft.com/en-us/office/office365/howto/platform-development-overview for more information on the Office 365 API
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Please see https://docs.microsoft.com/en-us/Office365/ and https://products.office.com/en-gb/business/compare-more-office-365-for-business-plans for more information on Office 365 options.

Scaling

Independence of resources
A detailed description of how Microsoft isolates individual customer tenancies can be found here https://www.microsoft.com/en-us/download/confirmation.aspx?id=54249

Analytics

Service usage metrics
Yes
Metrics types
Office 365 usage reports are available for your administrators in the Office 365 admin center. Please see https://support.office.com/en-us/article/activity-reports-in-the-office-365-admin-center-0d6dfb17-8582-4172-a9a9-aed798150263 for more information.
Reporting types
Real-time dashboards

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Microsoft 365

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Other data at rest protection approach

Information on how Microsoft protects data within its enterprise services can be found here https://www.microsoft.com/en-us/download/details.aspx?id=55848
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Details of how to extract data from Office 365 can be found here https://products.office.com/en-us/business/office-365-online-data-portability
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Information on how Microsoft protects data within its enterprise services can be found here https://www.microsoft.com/en-us/download/details.aspx?id=55848

Availability and resilience

Guaranteed availability
Details of the Office 365 service level agreement can be found here https://technet.microsoft.com/en-us/library/office-365-service-level-agreement.aspx
Approach to resilience
Details of how Microsoft ensures resiliency in the Office 365 service can be found here https://www.microsoft.com/en-us/download/details.aspx?id=53560
Outage reporting
Office 365 includes a service status portal for tracking any outages.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Office 365 allows for creation and management of administration roles, please see https://support.office.com/en-gb/article/office-365-admin-overview-c7228a3e-061f-4575-b1ef-adf1d1669870?ui=en-US&rs=en-GB&ad=GB for more information
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Certification International
ISO/IEC 27001 accreditation date
10/05/2018
What the ISO/IEC 27001 doesn’t cover
Our certificate covers the information security of the technology solutions, covering the network, premises and supply chain management, supporting all of our cloud and hosting services, cloud-based application development, identity and access management, license negotiation and professional services offerings provided to customers.
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
11 August 2015
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
All Jisc cloud solutions are covered.
PCI certification
Yes
Who accredited the PCI DSS certification
We are self certified
PCI DSS accreditation date
10/08/2017
What the PCI DSS doesn’t cover
We are self-certified for a single card payment device.
Other security certifications
Yes
Any other security certifications
  • Cyber Supplier to Government
  • CHECK
  • CESG PGA
  • Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Jisc is certified as compliant with ISO27001 by a UKAS accredited certifying body. Services that we have designed, implemented and operate have been subject to RMADS accreditation including ITHCs by independent CHECK providers. We are able to supply our Information Security Policy subject to a non-disclosure agreement being put in place with the receiving party.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Jisc is committed to ITIL aligned Change and Configuration Management for effective management and control of its infrastructure. Jisc's management tool incorporates a Change Management Database (CMDB) at the heart of its operation, with all service support and delivery modules linked to the CMDB to ensure a complete and accurate view of customer estates. A dedicated Change and Configuration Management team exists within the services department and liaises closely with all other teams to ensure changes are successful and our infrastructure is maintained and accurately modelled within the CMDB.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We subscribe to vendor support services to ensure we are operating in line with the latest recommendations and are made aware of any potential vulnerabilities. The patch deployment policy is ITIL aligned and undertaken in accordance with our ISO27001 security policy. For patching of Windows operating systems, we follow a patch cycle in line with Microsoft’s "Patch Tuesday”. For exceptional patching, our processes allow for the management of exceptions which require emergency maintenance to protect your service from vulnerabilities. Notifications are sent to ensure that customers are informed of planned works and all patches are tested before deployment to live.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Jisc makes use of cloud-native applications for the collection, monitoring, analysis, alerting and reporting of all IT event, log and performance data. A real-time analytics engine is used to correlate events, logs and performance metrics across your cloud and on-premise infrastructure. A comprehensive suite of highly configurable rules allow alerts to be sent in response to malicious activity and performance-impacting events, all of which is included as standard in the service.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our ITIL-aligned Incident Management process ensures that we respond to any reported faults and sets out target resolution times to ensure that these are fixed within agreed timeframes. Customers can report incidents via phone, email or our portal. Our Incident Management process ensures that we respond to any reported faults and sets out target resolution times to ensure that these are fixed within agreed timeframes. For Major Incidents, once the Incident has been resolved, the Incident Manager will ensure an Incident Review Meeting is held and a Major Incident Report is created and distributed.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
Joint Academic Network (JANET)

Pricing

Price
£8.00 to £35.00 per user per month
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑