GOV.UK
Brightwire
Case Management and Customer Service with Dynamics365
Brightwire helps organisations plan and deliver Microsoft Dynamics365 - a fully customisable software platform that is easy to use and manage. Business solutions range from contact, activity and relationship management, complaints handling, legal matter management, patient (clinical and veterinary) management, marketing and customer service in call centres and service departments.
Features
- Contact, activity, membership, patient and case management
- Accelerated delivery model
- Process / task driven interface
- Mobile optimised and responsive for mobile/tablet/PC
- Choice of deployment options and data migration
- Real time business intelligence and analytics
- Integration-capable with line of business applications
- Sophisticated workflows and automation and support for business rules
- Flexible system can be tailored and adapted
- Support for all integrations including Office 365 and SharePoint
Benefits
- Customer information accessible from a single place reduces department silos
- Saves time by automating processes and tasks, and increases efficiency
- Improves agility through better access to more insightful customer data
- Can be configured to meet your organisation's GDPR policies
- Better engagement with customers and stakeholders
- Rapid user adoption through familiar interface and expert training
- Better handling of customer complaints and service issues
- Case examples across retail, clinical, call centre, legal, customer care
- Extend data management to customers and partners
- Integrate with web portals for end-to-end data management and insight
Pricing
£675 per person per day
- Free trial available
Service documents
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
Framework
G-Cloud 11
Service ID
238708721581124
Contact
Service scope
| Software add-on or extension | Yes, but can also be used as a standalone service |
| What software services is the service an extension to | Dynamics 365 consulting and custom development, business transformation consulting. |
| Cloud deployment model |
|
| Service constraints | None - clients have a choice of deployment and support models depending on organisational and infrastructure requirements. |
| System requirements |
|
User support
| Email or online ticketing support | Email or online ticketing |
| Support response times |
There are defined SLAs and Out of hours support models covering weekends and bank holidays. Support incidents are classed in three categories (Level 1 Critical, Level 2 Major and Level 3 Minor) each with four defined stages. A Level 1 incident has a maximum response time of 1 hour. Our support desk runs within office hours for the majority of clients, with year-round out of hours support also available on request. |
| User can manage status and priority of support tickets | Yes |
| Online ticketing support accessibility | None or don’t know |
| Phone support | Yes |
| Phone support availability | 24 hours, 7 days a week |
| Web chat support | No |
| Onsite support | Yes, at extra cost |
| Support levels | Support levels are based on an agreed allocation of time per month, with time reporting to indicate usage. Support can be scaled back or topped up accordingly. Support is based on a day rate. For out of hours support this cover is based on the client's need and an appropriate cost is calculated. We have clear support procedures in place and a technical account manager as well as a nominated support engineer are both provided as part of the support agreement. |
| Support available to third parties | Yes |
Onboarding and offboarding
| Getting started |
We offer a variety of training plans to help users start using the service. Some training is face to face for administrators but we have extensive user based online training for our SaaS offerings. User documentation is provided where required in electronic format. Onsite training: provided to groups of trainees who are usually split by administrative and user type. We recommend a 'train the trainer' approach with advocates who will be the key 'go to' people within the organisation, and provide floorwalking. User guides: these can either be documented or video guides for users and contain quick tips and handy reference information. Online training: we can provide online training if required - typically to larger groups of users. The level of onboarding and offboarding support depends on the customer's requirements. We can provide full support for organisations where there is an organisation-wide rollout, as well as pilot or trials within a specific business area. |
| Service documentation | Yes |
| Documentation formats |
|
| Other documentation formats |
|
| End-of-contract data extraction | All data can be exported or replicated to an environment such as a Microsoft Azure SQL Database store in a customer-owned Microsoft Azure subscription. The way in which we would recommend this be done would depend on customer need and the target environment. |
| End-of-contract process | The support agreement would normally allow for basic handover at contract end - however if there were more specific or custom requirements (such as a new target environment to which to replicate) then these would be assessed and a cost agreed with the Client. Brightwire will provide appropriate assistance to the client to extract any data or move to another supplier as required. |
Using the service
| Web browser interface | Yes |
| Supported browsers |
|
| Application to install | No |
| Designed for use on mobile devices | Yes |
| Differences between the mobile and desktop service |
Mobile offline support: allows users to update records with an automated sync ensuring that updates are applied to the live system. CRM for Outlook app: automatically provides a CRM pane for all Outlook items. Mobile security: enables organisations to secure their data in instances where users are accessing CRM on their own mobile device New Mobile UI Controls: optimises CRM forms for mobile apps by utilising controls such as sliders and other interactive features. Mobile experience mirrors much of the desktop/web application functionality. |
| Accessibility standards | WCAG 2.1 AA or EN 301 549 |
| Accessibility testing |
Dynamics365 is extensively tested at Microsoft to meet current accessibility guidelines. Conformance reports can be found here: - https://www.microsoft.com/en-gb/Accessibility/accessibility-conformance-reports - https://www.microsoft.com/en-us/trustcenter/compliance/compliance-offerings/wcag - https://cloudblogs.microsoft.com/industry-blog/government/2018/09/11/accessibility-conformance-reports/ |
| API | Yes |
| What users can and can't do using the API |
A variety of functions can be performed using the Web API: data can be queried, entities created, records filtered, and specific properties requested. In addition some cognitive service integration can now also be achieved to determine sentiment analysis and make product or service recommendations. The API can also be used to connect to user or customer portals. It is implemented using RESTful. Dynamics365 apps are built on the Common Data Service platform. More information is available here: https://docs.microsoft.com/en-us/dynamics365/customer-engagement/developer/use-microsoft-dynamics-365-web-api and https://docs.microsoft.com/en-gb/powerapps/maker/common-data-service/data-platform-intro |
| API documentation | Yes |
| API documentation formats |
|
| API sandbox or test environment | Yes |
| Customisation available | Yes |
| Description of customisation | Dynamics 365 is highly configurable and customisable. The level of customisation depends on client need - ranging from simple to complex workflows, triggers and notifications (as examples). |
Scaling
| Independence of resources |
There are multiple deployment routes - each of which would be assessed in the light of specific functional and non-functional requirements such as performance, bandwidth/connectivity and network capacity. We implement techniques to improve application performance and can recommend hosting models that will reduce the risk of load that negatively impacts performance. In the Dynamics365 hosting environment, Microsoft uses scale groups to handle variable platform load. As a tenant's load increases, the Dynamics365 instances are automatically transferred to a more performant group to deal with the load. This ensures that other tenants sharing the same scale group remain unaffected. |
Analytics
| Service usage metrics | Yes |
| Metrics types |
Service usage might apply to two scenarios - the behaviour of the users consuming the service, on which analytics can be provided, and/or the draw-down of the support time allocation, analytics for which are typically provided on a monthly basis. Using the Administration features available in Microsoft's Power Platform, clients can view performance analytics and detailed usage insights. |
| Reporting types |
|
Resellers
| Supplier type | Not a reseller |
Staff security
| Staff security clearance | Conforms to BS7858:2012 |
| Government security clearance | Up to Developed Vetting (DV) |
Asset protection
| Knowledge of data storage and processing locations | Yes |
| Data storage and processing locations | United Kingdom |
| User control over data storage and processing locations | Yes |
| Datacentre security standards | Complies with a recognised standard (for example CSA CCM version 3.0) |
| Penetration testing frequency | At least once a year |
| Penetration testing approach | ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider |
| Protecting data at rest |
|
| Data sanitisation process | Yes |
| Data sanitisation type |
|
| Equipment disposal approach | In-house destruction process |
Data importing and exporting
| Data export approach | All data can be exported or replicated to an environment such as a Microsoft Azure SQL Database store in a customer-owned Microsoft Azure subscription. The way in which we would recommend this be done would depend on customer need and the target environment. |
| Data export formats |
|
| Other data export formats |
|
| Data import formats |
|
| Other data import formats |
|
Data-in-transit protection
| Data protection between buyer and supplier networks | TLS (version 1.2 or above) |
| Data protection within supplier network | TLS (version 1.2 or above) |
Availability and resilience
| Guaranteed availability | For Dynamics 365 licensing the Microsoft guarantee for service level uptime is 99.9%. Should the service fall below this in a given month then a credit will be given against the applicable month's subscription fee. |
| Approach to resilience |
Microsoft 365 offerings are delivered by highly resilient systems that help to ensure high levels of service. Service continuity provisions are part of the 365 system design. These provisions enable 365 to recover quickly from unexpected events such as hardware or application failure, data corruption, or other incidents that affect users. These service continuity solutions also apply during catastrophic outages (for example, natural disasters or an incident within a Microsoft data center that renders the entire data center inoperable). The Microsoft Dynamics CRM Online service is designed to provide a high degree of security, continuity, and compliance—service goals that are derived from the Microsoft Risk Management program. Further information is available here: https://docs.microsoft.com/en-gb/Office365/securitycompliance/office-365-data-resiliency-overview |
| Outage reporting |
Administrator dashboard with alerts and notifications (email and online). Outages are reported through the Office 365 admin center. Clients can see the current and historic service health, and planned maintenance. Further information is available here: https://docs.microsoft.com/en-us/office365/enterprise/view-service-health |
Identity and authentication
| User authentication needed | Yes |
| User authentication |
|
| Access restrictions in management interfaces and support channels | Admin access is limited by role based controls built into the software to ensure that only users with appropriate rights have access to management functionality. Users are authenticated by using an Office 365 account (Office 365 licence not required). Authentication can be handled in a variety of ways depending on how a client wishes to manage access, including multi-factor authentication. |
| Access restriction testing frequency | At least every 6 months |
| Management access authentication |
|
Audit information for users
| Access to user activity audit information | Users have access to real-time audit information |
| How long user audit data is stored for | User-defined |
| Access to supplier activity audit information | Users have access to real-time audit information |
| How long supplier audit data is stored for | User-defined |
| How long system logs are stored for | User-defined |
Standards and certifications
| ISO/IEC 27001 certification | Yes |
| Who accredited the ISO/IEC 27001 | BSI - see website for Dynamics365 Certificate Number IS 580851 |
| ISO/IEC 27001 accreditation date | 27/09/2016 |
| What the ISO/IEC 27001 doesn’t cover | In scope: The management of Information Security Management System (ISMS) for Microsoft Dynamics CRM Online Service development, operations in accordance with the Statement of Applicability Revision 2016.001, dated 9/27/2016. |
| ISO 28000:2007 certification | No |
| CSA STAR certification | No |
| PCI certification | No |
| Other security certifications | No |
Security governance
| Named board-level person responsible for service security | Yes |
| Security governance certified | Yes |
| Security governance standards | ISO/IEC 27001 |
| Information security policies and processes |
We follow ISO 27001 methodology for policy and processes, and ensure that this is mapped closely to the Government's Cloud Security Principles. We have a defined reporting structure in place with ultimate responsibility for security and compliance resting with the CTO. Further information on security with Dynamics365 can be found here: https://www.microsoft.com/en-us/trustcenter/security/dynamics365-security |
Operational security
| Configuration and change management standard | Supplier-defined controls |
| Configuration and change management approach |
We follow a structured change procedure, which provides a high degree of management and quality of output with a controlled approach to changes in scope. The service is aligned to Microsoft's technology and service lifecycle and makes use of DevOps tools. Specific processes for change management are as follows: Request: Initiation of a change with a request for change (RFC); Classification: Assigning a priority to the change after assessing its urgency and impact; Authorisation: Processing the RFC through to the change advisory board; Development: Developing the change, release management; Release Management: Releasing the change for testing; Review: Conducting post-deployment review. |
| Vulnerability management type | Supplier-defined controls |
| Vulnerability management approach | We have a policy of applying all Microsoft related security patches within a day of them becoming available. For our hosting environment we subscribe to VMWare notifications and apply these to our private cloud environment within 3 days of them becoming available. Critical updates are always deployed as soon as they become available and always within a 4 hour window. Office 365 runs multiple layers of antivirus software to ensure protection from malicious software. Servers within the Office 365 environment run anti-virus software that scans files uploaded and downloaded from the service for viruses or other malware. |
| Protective monitoring type | Supplier-defined controls |
| Protective monitoring approach |
We limit exposure by only allowing access via firewall control to services which need to be accessed externally and have automatic lock out on accounts if suspicious activity is assumed or detected. We track and monitor invalid login attempts via event logging mechanisms and respond based on the SLA times as detailed earlier in this section. Proactive monitoring continuously measures the performance of key subsystems of the Office 365 services platform against the established boundaries for acceptable service performance and availability, and generates warnings so that operations staff can address the event if one occurs. |
| Incident management type | Supplier-defined controls |
| Incident management approach | Users report incidents online using our incident reporting tool or by using our helpdesk. We have specific processes that are triggered by incidents being reported to us which are followed and users are able to track and monitor the incident as it progresses through the SLA that corresponds to its priority. For outage incidents with Dynamics 365 that are Microsoft related, the administrator will receive alerts and be able to raise issues using the administration dashboard. All incidents are followed by an incident report explaining what happened and what action is to be taken to prevent a reoccurance. |
Secure development
| Approach to secure software development best practice | Conforms to a recognised standard, but self-assessed |
Public sector networks
| Connection to public sector networks | No |
Pricing
| Price | £675 per person per day |
| Discount for educational organisations | No |
| Free trial available | Yes |
| Description of free trial | A vanilla free trial (i.e. without customisations) is available for a duration of 30 days. |