Jisc Services Ltd

Managed Office 365

Microsoft Office 365 provides a suite of flexible and familiar tools for collaboration across teams, devices, and platforms. The Jisc Managed Office 365 service has been designed for organisations who wish to take advantage of the benefits offered by Office 365 without the need to directly manage the environment themselves.

Features

  • Best-in-class technology advice, engineering and support
  • Full management of your Microsoft Office 365 environment
  • User administration including Office 365 Exchange groups and SharePoint sites
  • Expert support and guidance via telephone and email
  • Predictable monthly spend with full visibility of Office 365 utilisation
  • Elastically flex Office 365 licensing according to needs and demand
  • Office 365 SaaS approved for use at OFFICIAL
  • Easily access Microsoft Office 365 from multiple devices and locations
  • Unified communications with Skype for Business, integration with Active Directory
  • Microsoft Cloud Solution Provider, Microsoft Gold Hosting Partner

Benefits

  • Expert ITIL aligned management of your Office 365 business applications
  • Boost productivity with familiar Microsoft Office 365 applications
  • Improve teamwork and collaboration with Microsoft SharePoint, Yammer and Teams
  • Increase flexibility with always-on access to Office 365 from anywhere
  • Easy integration with existing services such as Microsoft Active Directory
  • Enable unified communications and mobile device management
  • Trusted technology advisor and ally of the public sector
  • Aligned values and knowledge transfer at every step
  • Transform the way you work with Microsoft Office 365 applications
  • Anywhere, anytime, flexible working with Microsoft Office 365 applications

Pricing

£8.00 to £35.00 per user per month

Service documents

G-Cloud 11

135945667989580

Jisc Services Ltd

Jisc helpdesk

03003002212

help@jisc.ac.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None
System requirements Any current web browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 8 hours
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels We provide two different support levels, Standard and Premium. For details and costs, please see the service definition and pricing documents in our listing. All our managed services are supported by a team of cloud support engineers, backed up by specialist subject matter experts covering fields including networking, security and applications.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started An Office 365 specialist will work with you to understand the scope and nature of the required services, including: the deployment process, any integration requirements of legacy services/applications, end users, segmentation and associated security profiles. Details include agreeing reporting requirements and scheduling, formats and transportation. This will normally take place prior to contract award. We will provide User Guides, both online and in crib card format as part of user activation. Onsite training can also be provided as an additional charged item.
Service documentation No
End-of-contract data extraction Details of how to extract data from Office 365 can be found here https://products.office.com/en-us/business/office-365-online-data-portability
End-of-contract process A termination plan will be produced and agreed with you. A generic termination plan is available, on request, and this will be tailored to reflect appropriate roles and responsibilities. Production of this tailored plan is included within the service price.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service If you're using at least iOS 10.0 we recommend using the Office for iPad apps instead. You'll find them in the Apple app store. If you're using an older version of iOS then Safari is the best browser for Office Online on iPads, but some features may not be available. There are currently no browsers on Android that are officially supported with Office Online. We recommend using the Office for Android apps instead. You'll find them in the Google Play store.
Service interface Yes
Description of service interface All features of the service are available through the service interface.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing N/A
API Yes
What users can and can't do using the API Please see https://msdn.microsoft.com/en-us/office/office365/howto/platform-development-overview for more information on the Office 365 API
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Please see https://docs.microsoft.com/en-us/Office365/ and https://products.office.com/en-gb/business/compare-more-office-365-for-business-plans for more information on Office 365 options.

Scaling

Scaling
Independence of resources A detailed description of how Microsoft isolates individual customer tenancies can be found here https://www.microsoft.com/en-us/download/confirmation.aspx?id=54249

Analytics

Analytics
Service usage metrics Yes
Metrics types Office 365 usage reports are available for your administrators in the Office 365 admin center. Please see https://support.office.com/en-us/article/activity-reports-in-the-office-365-admin-center-0d6dfb17-8582-4172-a9a9-aed798150263 for more information.
Reporting types Real-time dashboards

Resellers

Resellers
Supplier type Reseller providing extra support
Organisation whose services are being resold Microsoft 365

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
Other data at rest protection approach Other data at rest protection approach

Information on how Microsoft protects data within its enterprise services can be found here https://www.microsoft.com/en-us/download/details.aspx?id=55848
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Details of how to extract data from Office 365 can be found here https://products.office.com/en-us/business/office-365-online-data-portability
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network Information on how Microsoft protects data within its enterprise services can be found here https://www.microsoft.com/en-us/download/details.aspx?id=55848

Availability and resilience

Availability and resilience
Guaranteed availability Details of the Office 365 service level agreement can be found here https://technet.microsoft.com/en-us/library/office-365-service-level-agreement.aspx
Approach to resilience Details of how Microsoft ensures resiliency in the Office 365 service can be found here https://www.microsoft.com/en-us/download/details.aspx?id=53560
Outage reporting Office 365 includes a service status portal for tracking any outages.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Office 365 allows for creation and management of administration roles, please see https://support.office.com/en-gb/article/office-365-admin-overview-c7228a3e-061f-4575-b1ef-adf1d1669870?ui=en-US&rs=en-GB&ad=GB for more information
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Certification International
ISO/IEC 27001 accreditation date 10/05/2018
What the ISO/IEC 27001 doesn’t cover Our certificate covers the information security of the technology solutions, covering the network, premises and supply chain management, supporting all of our cloud and hosting services, cloud-based application development, identity and access management, license negotiation and professional services offerings provided to customers.
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 11 August 2015
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover All Jisc cloud solutions are covered.
PCI certification Yes
Who accredited the PCI DSS certification We are self certified
PCI DSS accreditation date 10/08/2017
What the PCI DSS doesn’t cover We are self-certified for a single card payment device.
Other security certifications Yes
Any other security certifications
  • Cyber Supplier to Government
  • CHECK
  • CESG PGA
  • Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Jisc is certified as compliant with ISO27001 by a UKAS accredited certifying body. Services that we have designed, implemented and operate have been subject to RMADS accreditation including ITHCs by independent CHECK providers. We are able to supply our Information Security Policy subject to a non-disclosure agreement being put in place with the receiving party.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Jisc is committed to ITIL aligned Change and Configuration Management for effective management and control of its infrastructure. Jisc's management tool incorporates a Change Management Database (CMDB) at the heart of its operation, with all service support and delivery modules linked to the CMDB to ensure a complete and accurate view of customer estates. A dedicated Change and Configuration Management team exists within the services department and liaises closely with all other teams to ensure changes are successful and our infrastructure is maintained and accurately modelled within the CMDB.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We subscribe to vendor support services to ensure we are operating in line with the latest recommendations and are made aware of any potential vulnerabilities. The patch deployment policy is ITIL aligned and undertaken in accordance with our ISO27001 security policy. For patching of Windows operating systems, we follow a patch cycle in line with Microsoft’s "Patch Tuesday”. For exceptional patching, our processes allow for the management of exceptions which require emergency maintenance to protect your service from vulnerabilities. Notifications are sent to ensure that customers are informed of planned works and all patches are tested before deployment to live.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Jisc makes use of cloud-native applications for the collection, monitoring, analysis, alerting and reporting of all IT event, log and performance data. A real-time analytics engine is used to correlate events, logs and performance metrics across your cloud and on-premise infrastructure. A comprehensive suite of highly configurable rules allow alerts to be sent in response to malicious activity and performance-impacting events, all of which is included as standard in the service.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Our ITIL-aligned Incident Management process ensures that we respond to any reported faults and sets out target resolution times to ensure that these are fixed within agreed timeframes. Customers can report incidents via phone, email or our portal. Our Incident Management process ensures that we respond to any reported faults and sets out target resolution times to ensure that these are fixed within agreed timeframes. For Major Incidents, once the Incident has been resolved, the Incident Manager will ensure an Incident Review Meeting is held and a Major Incident Report is created and distributed.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Joint Academic Network (JANET)

Pricing

Pricing
Price £8.00 to £35.00 per user per month
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑