Managed Microsoft Office 365 for Public Sector
Datapipe's Managed Services for Microsoft Office 365 enables secure, reliable, enterprise-class communication tools for public sector organisations of all sizes, providing additional service management and migration support not available from Microsoft. Office 365 features an easy-to-use unified platform with centralised tools for user management, administration and license management.
Features
- Anywhere access to documents, email and instant messaging
- 50Gb mailboxes, calendar, and contact management with anti-virus, anti-spam
- Document storage and sharing with Office Online, SharePoint and OneDrive
- File storage and sharing for teams and individuals.
- Web conferences and online meetings with up to 10,000 attendees
- Team sites and corporate video portals
- Secure, reliable and evergreen service
- Enterprise class security
- Ongoing management and support from Microsoft Office 365 experts
- Uptime guarantees
Benefits
- Use business email through an up-to-date, familiar Outlook experience
- Accomplish more faster with a modern collaboration workplace
- Easily share files and co-author documents with team sites
- Increase employee engagement with a corporate social network
- Professional digital story telling with Sway
- Access information from virtually anywhere and any device
- Move to cloud with easy management and task automation
- Host online meetings with audio, HD video and web conferencing
- Collaborate using instant messaging, voice calls and video calls
- Increased productivity without the operational overhead
Pricing
£4 a user a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 9
Service ID
1 8 9 3 3 9 3 2 6 1 6 5 7 0 7
Contact
Datapipe
<removed>
Telephone: <removed>
Email: <removed>@b8f7fe78-89c6-477f-8c3b-ab260b893258.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- Service Descriptions and constraints are available at https://technet.microsoft.com/en-us/library/office-365-service-descriptions.aspx
- System requirements
- See https://products.office.com/en-GB/office-system-requirements
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Severity One incidents are responded to within 10minutes of the incident being logged, 24 hours a day, 7 days a week. Incidents are logged either by phone, email or the automated monitoring of infrastructure and applications.
Full details of the service response targets for incidents, changes and requests can be found in the terms and conditions. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- No
- Support levels
-
Datapipe's support model is all-inclusive and untiered. We offer the same level of service to every Dataipe customer. Our core customer engagement principle is to be ‘Easy to Work With’. This culture is most visible in our Operations Centre, where specialist teams work closely together with a shared understanding of our customer’s drivers and their required outcomes.
This is achieved by the following alignment structure:
> Account Team (Lead): Our Planners and Thinkers
• This team is responsible for understanding and communicating the required customer outcomes to the rest of the Datapipe business and is accountable for maintaining the partnership between the customer and Datapipe.
> Service: Our Deliverers and Analysts
• This team is responsible for managing the delivery of customer outcomes that have been set during the discovery, analysis and design phases. The service team are responsible for ensuring the customer's sevice experience meets expectations throughout live service.
> Operations: Our Engineers and Explorers
• This team is responsible for maintaining and accelerating the delivery of our customer outcomes through deep technical specialisms combined with a thorough understanding of the customer's business. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Getting Started: personal support from your assigned Service Delivery Manager, full user documentation and end user portal enrolment.
Datapipe has years of experience on-boarding customers into our virtual and cloud infrastructure environments. We will walk you through all considerations (typically including network connectivity and migration options) as your requirements develop, ensuring we balance risk vs cost vs timescales in the right way for your organisation.
Datapipe’s proven, expert service management delivers a single point of contact for your teams. Our Service Delivery Managers (SDM) are responsible for the successful onboarding and running of your services and create custom engagement schedules for review and discussion. Your SDM will also collaborate with you to create a custom runbook, which clearly lays out all information, contacts and processes relating to the daily management of your environments.
Your SDM will also provide one-on-one training to ensure a high level of comfort and familiarity with our interfaces and portals. This can be achieved over a webex for large distributed groups of end users or at your premises, depending on your preference. - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
-
Users can extract their data across the network via VPN or other secure network protocol or via Express Route if the customer has this in place.
Please see https://products.office.com/en-us/business/office-365-online-data-portability for further details.
Design and service documentation is located on the Datapipe portal and can be downloaded to provide a permanent record. Other documentation, where available or feasible to produce, can be provided on request.
Depending on the your target end state and specific schedule, there may be additional professional services charges applicable to help ensure that the migration and cutover of services to the new provider are aligned precisely with requirements. - End-of-contract process
-
If you feel the need to switch providers, we will work with you to expedite the off-boarding of your services. Datapipe’s solutions are all based on standardised infrastructure and software, with robust migration processes and consistent documentation that make knowledge transfer straightforward and complete.
As standard, if you wish to move workloads, Datapipe will provide secure access to third parties to extract your data and application configurations to help you get applications up and running in the target environment.
Upon expiration or termination of your Office 365 subscription or contract, Microsoft will provide you, by default, additional limited access for 90 days to export your data. As part of our Online Service Terms we specify that the customer owns its data. Microsoft acts as Data Processor. For more see http://trustoffice365.com/. Please see https://products.office.com/en-us/business/office-365-online-data-portability for data extraction methods.
Depending on your target end state and specific schedule, there may be additional professional services charges applicable to help ensure that the migration and cutover of services to the new provider are aligned precisely to your requirements.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 10+
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- Linux or Unix
- MacOS
- Windows
- Windows Phone
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The service is optimised for mobile, desktop and tablet use and there are differences. Core functionality is available across all platforms. See https://support.office.com/en-us/article/Office-Online-browser-support-AD1303E0-A318-47AA-B409-D3A5EB44E452
- Accessibility standards
- None or don’t know
- Description of accessibility
- Users can create and manage incidents, changes and requests through the web interface or portal. Customer documentation is stored on the portal, allowing customers to view service reports, design documentation and invoices. Customers can create and remove users of the portal for their organisation and adjust the type of user account they have.
- Accessibility testing
- None for the Datapipe portal. For the Office 365 service, for users with disabilities we have the Disability Answer Desk (DAD), and for enterprise customers with accessibility questions or accessibility related compliance questions we have the enterprise Disability Answer Desk (eDAD). See https://www.microsoft.com/en-us/accessibility/
- API
- Yes
- What users can and can't do using the API
- The full API details are avilable online at dev.office.com
- API documentation
- Yes
- API documentation formats
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Please see https://technet.microsoft.com/en-us/office/dn788774.aspx
Scaling
- Independence of resources
- Please see http://www.microsoft.com/en-us/download/details.aspx?id=54249
Analytics
- Service usage metrics
- Yes
- Metrics types
- Please see the Business admins section found here https://support.office.com/en-gb
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Microsoft
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- EU-US Privacy Shield agreement locations
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Other
- Other data at rest protection approach
- For data at rest, Office 365 deploys BitLocker with AES 256-bit encryption on servers that hold all messaging data, including email and IM conversations, as well as content stored in SharePoint Online and OneDrive for Business. BitLocker volume encryption addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers and disks. Your organization’s files are distributed across multiple Azure Storage containers, each with separate credentials, rather than storing them in a single database.
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
Users can extract their data across the network via VPN or other secure network protocol or via Express Route if the customer has this in place. Design and service documentation is located on the Datapipe portal and can be downloaded to provide a permanent record. Other documentation, where available or feasible to produce, can be provided on request.
Please see https://products.office.com/en-us/business/office-365-online-data-portability for Office 365 specific information. - Data export formats
-
- CSV
- ODF
- Other
- Other data export formats
- See https://products.office.com/en-us/business/office-365-online-data-portability
- Data import formats
-
- CSV
- ODF
- Other
- Other data import formats
- Please see http://fasttrack.microsoft.com/office/onboard/50
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Legacy SSL and TLS (under version 1.2)
- Other
- Other protection between networks
- For data in transit, all customer-facing servers negotiate a secure session by using TLS/SSL with client machines to secure the customer data. This applies to protocols on any device used by clients, such as Skype for Business Online, Outlook, and Outlook on the web. See also http://aka.ms/Office365CE
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
- Other protection within supplier network
- Please see http://aka.ms/Office365TI and http://aka.ms/Office365CE
Availability and resilience
- Guaranteed availability
-
Datapipe provide a 99.9% service uptime guarantee as part of the managed service. Service credits are applied to the cost of the managed service in the event of service breaches. Please refer to the terms and conditions for complete details.
Microsoft Office 365 service levels can be found at http://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=11675 - Approach to resilience
- Please see http://aka.ms/Office365DR
- Outage reporting
-
The Datapipe portal details scheduled maintenance, outages and incidents affecting multiple customers and relates to the managed service.
In the event of an incident, nominated contacts for each customer, as documented in the operational run book, are notified and updated at least every 60 minutes of the progress towards resolution of the issue.
Technical Escalation Managers (TEM) ensure that Service Levels are maintained around incidents, change requests and service requests, while also ensuring that customer notifications and interactions are
consistent with the customer’s Solution Escalation Action Plan (SEAP). Datapipe’s internal processes are built on ITIL-based methodology.
Technical Escalation Managers are also deployed onto customer incidents depending on severity, who take ownership of resolution outcomes and provide a central point of contact for all comms.
Office 365 reports outages via the service status portal https://portal.office.com/servicestatus/servicestatus.aspx, Alert or Mobile Application
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Other
- Other user authentication
-
Modern authentication Modern authentication brings Active Directory Authentication Library (ADAL)-based sign-in to Office client apps across platforms, enabling sign-in features such as Multi-Factor Authentication (MFA), SAML-based third-party identity providers with Office client applications, and smart card and certificate-based authentication.
Cloud identity authentication - Users with cloud identities are authenticated using traditional challenge/response.
Federated identity authentication - Users with federated identities are authenticated using Active Directory Federation Services 2.0 or other Security Token Services.
MFA for Office 365 - users are required to acknowledge a phone call, text, or an app notification on their smartphone after correctly entering their password.
https://technet.microsoft.com/en-us/library/office-365-user-account-management.aspx - Access restrictions in management interfaces and support channels
-
Access is limited via a secure two -factor authentication method, using 'least privilege' access to systems. Customers can log tickets via email or telephone and all initial interactions are security validated against a list of known email addresses, persons, telephone numbers and security information. Datapipe performs all management through Secure Management Environments (SME). This is a walled garden approach to customer identity management.
Office 365 comes with a set of administrator roles that you can assign to users in your organization. Each admin role maps to common business functions, and gives those people permissions to do specific tasks.
https://support.office.com/en-gb/article/About-Office-365-admin-roles-da585eea-f576-4f55-a1e0-87090b6aaa9d?ui=en-US&rs=en-GB&ad=GB
https://support.office.com/en-gb/article/Assign-admin-roles-in-Office-365-eac4d046-1afd-4f1a-85fc-8219c79e1504?ui=en-US&rs=en-GB&ad=GB - Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- Between 6 months and 12 months
- Access to supplier activity audit information
- Users receive audit information on a regular basis
- How long supplier audit data is stored for
- Between 6 months and 12 months
- How long system logs are stored for
- Between 6 months and 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- SNR Certification, Certification No.: SNR 11399498/15/I
- ISO/IEC 27001 accreditation date
- 20 October 2016, Renew Date: 05 October 2018
- What the ISO/IEC 27001 doesn’t cover
- Anything above the Hypervisor, Platform as a Service or Software as a Service services are not covered by the Datapipe ISMS. Datapipe use a shared security model to ensure all parties are aware of their responsibilities and agree how to manage risk.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- NTT Security Ltd, Certificate ID: o4Anq6RuYfK2dN1
- PCI DSS accreditation date
- 15 September 2016, Renew Date: 15 September 2017
- What the PCI DSS doesn’t cover
- As per industry best practice, our PCI scope is restricted to specific platforms. Any platform that is not in the Datapipe PCI scope is not covered by this certification. For Platforms in scope anything above the Hypervisor is not covered by the Datapipe PCI scope. Datapipe uses a shared security model to ensure all parties are aware of the scope of accreditations, their responsibilities and agree how to manage risk.
- Other security accreditations
- Yes
- Any other security accreditations
-
- PSN Code of Connection
- Cyber Essentials Plus
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance accreditation
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- FISMA/FedRamp, EU Model Clauses, HIPAA/HITECH, ISB 1596, ISO 27018, SASE16 SOC1 & SOC 2
- Information security policies and processes
-
Datapipe maintains core security certifications for ISO 9001, ISO 27001, Cyber Essentials Plus and PCI DSS 3.2. The Datapipe Executive Team is committed to providing a robust framework that prioritises security across our business. The board have recognised Information Security and Cyber Security are vital to the protection of any organisation’s key assets. Security risks, requirements and controls are primarily designed around the CIA Triad, which relates to Confidentiality, Integrity and Availability.
Managing security in this manner allows for a practical, applicable and cost effective design that meets our business, regulatory and compliance requirements. As we are fully certified in both ISO27001 and PCI we have robust compliant policies that are regularly audited. Policy implementation is measured regularly and metrics are reported quarterly to the board. Direction is then communicated to heads of department for rectification.
Datapipe maintains an Information Security Management System (ISMS) which is certified against the requirements of ISO 27001. Our staff are SC cleared and vetted where necessary.
Microsft has established an Information Security Management Program to maintain and improve its management system for information security. Through establishment of the ISMS, Office 365 plans for and manages protection of its assets to acceptable security levels.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
Datapipe follows the ITIL definition of change management to provide a standardised method for the management of the risk and impact associated with amending live configuration items. The process covers both Datapipe and customer configuration items.
Changes are categorised as Standard, Normal or Emergency allowing for appropriate due diligence to be performed.
The Change Team ensure the necessary governance is in place at all stages of the process and are responsible for managing quality, adherence to the process and provide final approval. There is a seven point process: Logging, Assessment, Scheduling, Testing and Plans, Communications, Reporting and Governance. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Datapipe Security regularly carries out vulnerability scans using authorised scanning vendors on external interfaces as well as internal scans using market leading products. Results are reviewed and remediation plans set through raising tasks within our management system for engineer completion. We closely monitor multiple vendor websites and receive vendor e-mails for patch releases, vulnerability notification or vendor specific warnings. We are also signed up to NCSC CiSP. Notifications of vulnerabilities are distributed to our relevant teams teams who inform our customers. Datapipe follows standard patching timeframes of 30/60/90 days but for government customers, aims for critical patches within 14 days.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Datapipe utilises market leading unified security management tools for our protective monitoring solution on our platforms. These combine five essential security capabilities: Asset Discovery, Behavioural Monitoring, Vulnerability Assessment, SIEM and Intrusion Detection into a single management plane. Datapipe, through the software, has a complete view of our estate ensuring the complete integrity of our platform by identifying potentially compromised systems and suspicious behaviour, assessing vulnerabilities, correlating and analysing security event data.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Where Datapipe has not acknowledged an issue through proactive monitoring, users can report incidents by phone or email, 24x7, to the service desk.
Datapipe follows the ITIL definition of Major Incident prioritisation:
Sev 1 Critical - Single Client Total Outage.
Sev 2 Major - Single Client Impairment.
The Major Incident Management Process is implemented by the Datapipe Operations team with the goal of managing unplanned service interruptions. This includes customer communications (by phone and email) to a defined schedule. The Operations group, specifically the Technical Escalation Manager (TEM) is responsible for initiating and managing the incident reporting process.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £4 a user a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- 30 day trial of Office 365
Documents
- Pricing document
- Pricing document
- Skills Framework for the Information Age rate card
- Skills Framework for the Information Age rate card
- Service definition document
- Service definition document
- Terms and conditions document
- Terms and conditions document