Timico Limited

Microsoft Teams

Timico's Microsoft Teams solution provides cloud-based team collaboration software that is part of the Microsoft 365 suite of applications. The core capabilities in Microsoft Teams include business messaging, calling, video meetings and file sharing. Timico can also offer PSTN calling within Teams via Direct Routing with our Teams Voice solution.

Features

  • Host audio, video and web conferences with anyone internally/externally
  • Broadcast events to showcase webinars to up to 10,000 users
  • Take advantage of Office 365's advanced security controls
  • Meet compliance regulations in multiple sectors through Teams compliance capabilities
  • Security controls including data loss prevention, retention policies and more

Benefits

  • Collaborate through document sharing
  • Communicate via messaging, calling and videos
  • Advanced security and control
  • Mobility through the use of desktop, tablet and mobile clients
  • Increase productivity through integrated Microsoft applications

Pricing

£400 a person a day

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 12

Service ID

1 9 4 0 9 4 1 9 1 0 8 4 3 6 8

Contact

Timico Limited John Garton
Telephone: 07387 092775
Email: john.garton@timico.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Microsoft 365 / Office 365
Cloud deployment model
Public cloud
Service constraints
For this product there are a couple of pre-requisites for customers wanting to utilise Teams;

Must be consuming Exchange Online, SharePoint Online and OneDrive
Does not include Cloud PBX, PSTN breakout, Direct Routing features. It does include dial in for audio conferencing.
We must be, or moving to be, the customer's CSP Provider.
System requirements
  • Office 365
  • Microsoft 365

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our service desk operates 24/7/365 and is available at weekends.Tickets raised into our service desk are triaged within 30 minutes. They are then dealt with in line with their priority level in line with our service promise and the Service Level Agreements (SLAs) put in place for that contract.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
Onsite support is categorised into levels 1, 2 or 3. Technical expertise ranges from basic end user support through to deployment of hardware and configuration. Onsite support can be sold in bundles of day tickets or charged on a time and material basis. Timico also monitor, maintain and patch in line with our standard policies and your requirements. The relevant support is discussed at the time of solution design.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Within the solution design of the deployment of the service we will discuss the transition and deployment plan for your end users. Our support to end users can range from providing a phone number into our IT Helpdesk through to providing an onsite engineer to help on Go Live days with training end users.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
There are a variety of different options for this dependent on the solution that has been provided, and this requirement will be discussed and agreed with the buyer once notice of the contract has been given.
End-of-contract process
An Exit Provision is built into the Service Provider Agreement. At the point a request to terminate the contract an exit plan will be agreed including the format and provision of data and any novation to an alternative supplier.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
No
API
No
Customisation available
Yes
Description of customisation
The implementation can be customised for customer's specific requirements. Additional options and services can be added.

Scaling

Independence of resources
In Microsoft 365 we are driving towards having all services architected and operated in an active/active design which increases resiliency. This means that there are always multiple instances of a service running that can respond to user requests and that they are hosted in geographically dispersed datacenters. All user traffic comes in through the Microsoft Front Door service and is automatically routed to the optimally located instance of the service and around any service failures to prevent or reduce impact to our customers.

Analytics

Service usage metrics
Yes
Metrics types
Teams usage report (Active users, Active users in teams and channels, Active channels, Messages, Privacy setting of teams, Guests in a team), Teams user activity report (1:1 calls a user participated in, Messages a user posted in a team chat, Messages a user posted in a private chat, Last activity date of a user), Teams device usage report, Teams live event usage report, Teams PSTN usage report
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
• Secure racks and/or cages; • ISO27001 and PCI aligned Physical Security policy in all datacentres; • Backups encrypted in transit and at rest to 256-Bit AES; • Data encrypted at rest to FIPS-140-2 standard; • ISO27001 aligned Media Handling and Disposal Policy in place.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
There are a variety of different options for this dependent on the solution that has been provided, and this requirement will be discussed and agreed with the buyer at the point of the solution design and inception.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • Excel
  • Zip
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel
  • Zip

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
IPSEC or Private circuits (CAS-T) can be deployed in order to protect data in transit.
Data protection within supplier network
Other
Other protection within supplier network
Data is only encrypted within the customers environment or from endpoint to endpoint with the agreed encryption methods (IPSEC/CAS-T). Packets across our network are not encrypted, but seperated by MPLS label at layer three or VLAN segmentation within data centres. The network infrastructure has physical, configuration, and administrative security applied aligned to our security standards.

Availability and resilience

Guaranteed availability
Microsoft Teams service is run by Microsoft and a 99.9% Uptime SLA applies across the following services:

Core service – Presence, Chat Messaging and Online Meetings
Microsoft Calling Plans and PSTN Audio Conferencing
Voice Quality – If impacted by the Microsoft network and only if the user is used a wired Teams IP Phone

Customers can claim service credits where this SLA is breached at the following rates:
< 99.9% - 25% Service Credit
< 99% - 50% Service Credit
< 95% - 100% Service Credit

Downtime is defined as any period of time when end users are unable to see presence status, conduct instant messaging conversations, or initiate online meetings
Approach to resilience
Microsoft Teams is a Microsoft 365 Service.

To minimize downtime, either planned or unexpected, Microsoft 365 services are designed and operated to be highly available and resilient to failure by focusing on four areas:

- Active/Active design
- Reduce incident scope
- Fault isolation
- Continuous service improvement
Outage reporting
Timico provide a powerful network monitoring and management tool, where we can provide you with critical information on how your service is performing and this can proactively alert our NOC when any issues arise. Timico’s monitoring tool offers; Network Device polling and Discovery ▪ New hardware assigned to your infrastructure will be auto discovered for ease of access monitoring ▪ Hardware errors and discards can be discovered as the hardware polls against our platform, alerting our engineers to any faults that might arise ▪ Polling intervals as low as 60 seconds Proactive Alerting and reporting ▪ Alerts when there is change in hardware status including customer defined CPU and Temperature thresholds ▪ Alerts will automatically raise an incident into our support desk ▪ If requested, we can produce reports on how your estate is performing and advise on improvements where needed

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Other user authentication
All customers are required to complete a customer contact list with associated levels of authorisation. The customer is in control of this list, with only key contacts able to make changes. Where customers call by telephone from an unknown number or request major Changes, Timico have a secure password agreed with each customer in advance to authenticate that user. Controls in place include: • Two factor authentication for user access; • TLS 1.2 based traffic; • HTTPS enforced on ITSM portal; • Role based access controls. • Active monitoring of authentication activity.
Access restrictions in management interfaces and support channels
All customers are required to complete a customer contact list with associated levels of authorisation. The customer is in control of this list, with only key contacts able to make changes. Where customers call by telephone from an unknown number or request major Changes, Timico have a secure password agreed with each customer in advance to authenticate that user. Controls in place include: • Two factor authentication for user access; • TLS 1.2 based traffic; • HTTPS enforced on ITSM portal; • Role based access controls. • Active monitoring of authentication activity.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Description of management access authentication
All customers are required to complete a customer contact list with associated levels of authorisation. The customer is in control of this list, with only key contacts able to make changes. Where customers call by telephone from an unknown number or request major Changes, Timico have a secure password agreed with each customer in advance to authenticate that user. Controls in place include: • Two factor authentication for user access; • TLS 1.2 based traffic; • HTTPS enforced on ITSM portal; • Role based access controls. • Active monitoring of authentication activity.

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Approachable Certification
ISO/IEC 27001 accreditation date
April 2020
What the ISO/IEC 27001 doesn’t cover
The scope of our ISO 27001 accreditation applies to all aspects of the work conducted by Timico Limited as a managed cloud services provider at its Headquarters and Data Centre in Newark, Nottinghamshire and its Telford, Winnersh and London Offices.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Teamwork IMS Ltd
PCI DSS accreditation date
26/02/2020
What the PCI DSS doesn’t cover
Timico's PCI DSS Certification does not cover our customer's own media (containing CHD) if used. Timico does not have any contact with customer's hardcopy media in relation to cardholder data that the customer might store, process or transmit. Timico also does not have access to a customer's cardholder data, and hence do not share cardholders data with any parties.
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Security is part of our culture. We maintain a Security Manual detailing the policies and procedures we adhere to as a company both systems and personally. We maintain a rota of security meetings and reviews to discuss the policy or specific requirements. we are happy to share the Security Manual at the point of engaging with you. We are a registered ISO: 27001 company, confirming our ability to produce a framework of policies and procedures that match the essential information risk management processes, including legal, physical and technical controls. In order to maintain essential security regulations, we ensure compliance through all of our business processes. This allows us to deliver products and services to you with the confidence all your business data and processes are secure, with no room for error. With specific reference to security for our Data Centre, this was built with resilience and N+1 or N+N in mind. The facility sits behind security enforcement and an access-controlled gate. Our reception is a managed full-time, with CCTV systems running throughout the facility 24/7. Biometric access controls give us the confidence that our data centre is secure, and we operate a strict access policy to prevent any unauthorised visits.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The primary objective of our Configuration and Change Management (and part of our ISO9001 processes) is to enable changes to be made with minimal or no disruption to the services we provide. The goals of the this policy include a standard process for requesting, planning, approving, communicating, implementing and reporting changes to services. Policies are in place for all categories of change - standard, normal, emergency and retrospective, and risk and impact assessments are carried out prior to any change. If required a technical engineer will review the changes, and our customers are always required to approve any change undertaken.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Timico various vendor and Threat Intelligence sources in order to obtain information regarding potential threats. Combining the external information with regular vulnerability scanning and review, context and risk is applied to the vulnerabilities. The risk level (based upon CVSS and limited by scope/context) then drives patch timescales based upon the patching policy. Timico work towards remediating critical security issues within 30 days of identification.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Timico operates SIEM technology, supported by a 24/7 SOC that is outsourced with an SLA of 15 minutes for notification to our ITSM of an incident being identified. Timico's core infrastructure and systems feed event information into the SIEM. Once the incident is logged within our ITSM it is treated as per our Security Incident Management Policy with a 30 minute triage OLA.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
A detailed/documented incident process is included within our Information Security Manual, and forms part of our ISO 9001/27001 certifications. Any incident is logged in our ServiceNow platform, where all updates are added, with the incident flag selected. As soon as the incident is logged, the relevant people will then: - ▪ Assess the Incident and its seriousness ▪ Ensure communications take place with those affected ▪ Develop tactics for containing the Incident, so any damage does not spread ▪ Ensure analysis takes place to help ascertain its root cause(s) ▪ Ensure correctives actions are implemented, and aim to prevent recurrence

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£400 a person a day
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
A free trial may be available for this service - subject to the requirements and the actual solution required, and subject to agreement by both parties.

Service documents