Content and Code Ltd

Intranet

Content and Code created the Fresh Intranet using years of experience in SharePoint intranets and Microsoft 365. Fresh Intranet offers simplified communication and collaboration solutions enabling organisations to cut through intranet options and features, rapidly deploying and leveraging the Microsoft 365-based intranet with integrated Microsoft 365 tools.

Features

• Home page and global navigation within the Fresh Communications portal
• News and internal communications within the Fresh Communications portal
• Document management and powerful search
• Enterprise social networking
• Team sites
• Internal content publishing within the Fresh Communications portal
• Office locations within the Fresh Communications portal
• Platform: mobile responsive, M365 integrated
• For more details please see https://freshintranet.com/

Benefits

• Increased employee engagement
• Easy access to tools, resources and company information
• Mobile responsive solution allowing access anywhere
• Easy to update and maintain content
• Flexible templates able to be deployed for multi-use
• Aligned to Microsoft product roadmap
• Companion app for Microsoft 365
• Ready-to-launch cloud-based solution
• Flexibility to extend and integrate with other solutions
• Access to upgrades and enhancements

£30,000 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@contentandcode.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

174836881926353

Contact

Andy Sayer
07720 262 320
bids@contentandcode.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Microsoft Office 365, SharePoint Online, SharePoint 2013, SharePoint 2016
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Content and Code's Fresh digital workspace solution requires Office 365 or SharePoint licencing from Microsoft.
• System requirements:
  • Microsoft Office 365 license, or
  • SharePoint license

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Depends on the priority of the ticket. Initial responses are tied into our response SLAs, however response times for general questions are not targeted. Response times at weekends will depend on whether weekend support is taken up.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Content and Code have four tiers of support available for clients: Entry, Essential, Enhanced, and Elite. All levels of support include UK-based support desk with 8:00-18:00 M-F cover (excluding public holidays), extended hours are available as an option at an extra cost to the client; and technical support hours per month increasing from 8 (entry level) to unlimited (elite level). Essential, enhanced, and elite support additionally include service reporting, data analytics, and change management. Enhanced and elite levels have support for service and technical account management, proactive (event) management, and major incident management. Elite is the only level that includes operational run tasks (e.g. scheduled checks).
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Fresh is accompanied by a full methodology that covers branding, language and taxonomy to rollout and training.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Content is stored in Microsoft's SharePoint tenant and not in our product. Content can be extracted from SharePoint/Office 365 using standard practices and/or 3rd party tools.
• End-of-contract process: The client owns their solution from the outset and at the end of the contract the client no longer receives updates.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile services runs in browser and in responsive, rendering all pages in the solution appropriate to the device being used. Content is prioritised for typical mobile use cases, e.g. reading news over editing documents.
• Service interface: Yes
• Description of service interface: See the Service Description document for details.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: See the Service Description document for details.
• API: Yes
• What users can and can't do using the API: All services on Fresh can be accessed using the Office 365 API. Documented here: https://msdn.microsoft.com/en-us/office/office365/howto/platform-development-overview
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Fresh utilises standard SharePoint functionality and can be extended and customised in-line with best practice for modifying SharePoint. Apps hosted on third party platforms can also be integrated.

Scaling

• Independence of resources: Use of client side rendering technologies pushes the UI processing to the client and reduces a user's impact on the server farm. The underlying Office 365 platform scales dynamically with the active user base and purchased licence count. Services which are designed to scale very well are used as a basis for end-user functionality including the Search service and Managed Metadata service.

Analytics

• Service usage metrics: Yes
• Metrics types: See Service Description document for detail.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Documents may be downloaded or synchronised locally, list/library data can be exported to Excel as an external data source.
• Data export formats:
  • CSV
  • ODF
  • Other
• Data import formats:
  • CSV
  • ODF
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: As the solution is based on the Microsoft's Office 365 platform, please see https://www.microsoft.com/en-us/trustcenter for details.
• Approach to resilience: As the solution is based on the Microsoft's Office 365 platform, please see https://www.microsoft.com/en-us/trustcenter for details.
• Outage reporting: As the solution is based on the Microsoft's Office 365 platform, please see https://www.microsoft.com/en-us/trustcenter for details.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Via Azure Active Directory using Oauth 2.0. Capabilities such as multi-factor authentication, mobile device management, Azure Rights Management, and Data Loss Protection can be enforced for all, or specific, user groups.
• Access restrictions in management interfaces and support channels: User roles. A user may be an administrator a particular sub level of the solution or be a member of a group with these permissions.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: http://bit.ly/2pm1ENv
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: N/A
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Content and Code align all services with the principles and standards described in the ISO20000 accreditations.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: As the solution is based on the Microsoft's Office 365 platform, please see https://www.microsoft.com/en-us/trustcenter for details.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: As the solution is based on the Microsoft's Office 365 platform, please see https://www.microsoft.com/en-us/trustcenter for details.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: As the solution is based on the Microsoft's Office 365 platform, please see https://www.microsoft.com/en-us/trustcenter for details.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: As the solution is based on the Microsoft's Office 365 platform, please see https://www.microsoft.com/en-us/trustcenter for details.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £30,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@contentandcode.com. Tell them what format you need. It will help if you say what assistive technology you use.