MTI Technology Ltd

Microsoft Azure Subscription Purchase

As a Microsoft CSP partner, MTI can enable customers to purchase Azure services or solutions via the CSP programme to provide flexible billing and services

Features

• Enables purchase of Microsoft Azure services and solutions
• Provides local support for customer tenancies and subscriptions
• Provide services to help implement and maintain Azure

Benefits

• Flexible and simplified billing on For Azure
• Enables customer to pay only for what they need
• Cost-effective pricing
• Improved levels of administrator and user support
• Saves IT department time in designing, planning and deploying components
• Tailored support for employees and IT departments
• Visibility and guidance from experienced specialist technicians

£0.02 per instance per hour

• Education pricing available

Service documents

• Pricing document (pdf)
• Skills Framework for the Information Age rate card (pdf)
• Terms and conditions (pdf)

Framework

G-Cloud 11

Service ID

230983746280473

Contact

MTI Technology Ltd

Ashi Choudhury

01483520200

bid@MTI.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: This service is only offered for products and services available within Microsoft Azure. Also, not all Azure services are available via the CSP programme
• System requirements:
  • Customer will require an Azure tenant
  • Support Browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support response times; ; SLA's agreed on a service by service basis
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: N/A
• Support available to third parties: No

Onboarding and offboarding

• Getting started: MTi offer an onboarding service called cloud shift which can easily move onprem workloads or alternatively public cloud workloads to this service.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Azure makes data available to migrate to any other service the customer requires.
• End-of-contract process: Termination notice is required at which point the customer can then extract the data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service is the same from a management perspective
• Service interface: Yes
• Description of service interface: Portal access via a browser.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Testing follows Microsofts accessibility standard testing.
• API: Yes
• What users can and can't do using the API: All details can be found on the Micrsoft Azure API Management section.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The Azure platform has many thousands of profiles and configurations from IaaS to PaaS to ensure it fits the customer requirements.

Scaling

• Independence of resources: Microsoft support many millions of users on Azure across the globe. Through hyperscale datacenters and multiple locations user instances and well balanced.

Analytics

• Service usage metrics: Yes
• Metrics types: Real time data usage is provided via the CSP portal.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Organisation whose services are being resold Microsoft

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Azure have a rich set of tools for the customer to extract their data from physical assets to connectivity downloads.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Microsoft provide 99.999% availability
• Approach to resilience: Available on request
• Outage reporting: Available via the portal and via email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: All management interfaces are support with MFA along with username and passwords and strict controls on Admin levels and access levels.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 18/10/2018
• What the ISO/IEC 27001 doesn’t cover: No non conformities were identified as part of this assessment
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: BSI
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: All areas
• PCI certification: Yes
• Who accredited the PCI DSS certification: Coalfire Systems Inc.
• PCI DSS accreditation date: 27/8/2018
• What the PCI DSS doesn’t cover: All areas covered
• Other security certifications: Yes
• Any other security certifications:
  • ISO 22301
  • ISO 27018
  • ISO27107
  • ISO 22301
  • ISO 9001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO27001

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: ITIL standards are applied as the management methodology.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: CHECK vulnerability assessments are applied at least every 12 months
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: A SIEM platform is in place to pro actively monitor the security posture.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: ITIL Standards are followed for Incident Management

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Joint Academic Network (JANET)

Pricing

• Price: £0.02 per instance per hour
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document (pdf)
• Skills Framework for the Information Age rate card (pdf)
• Terms and conditions (pdf)