MS Office & Exchange for Hosted Desktops (SaaS/DaaS)
A hosted desktop is fairly useless without any software on it. Venom IT provides lease-licence Microsoft Office installations, with a choice of Standard or Pro. Benefits are rollback in case of accidental deletions, full backups, and archiving up to 30 years - things you don't get with O365.
Features
- Word
- Excel
- Outlook
- PowerPoint
- Publisher (Pro only)
- Access (Pro only)
- Skype for Business (Pro only)
- OneNote
- Documents are accessible from anywhere
- Easy sharing and access level management of files
Benefits
- Native backup
- System rollbacks in case of accidental/malicious deletions
- Full archiving up to 30 years
- Larger mailbox than 365 (100GB)
- Larger attachment size than 365 (40MB)
- GDPR-compliant storage
Pricing
£7 a user a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at <removed>@3dbe9bb0-5aa8-4270-b4e3-cc5d1559e5ff.com.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 11
Service ID
2 6 0 6 5 7 3 6 1 8 4 9 5 7 6
Contact
VenomIT
<removed>
Telephone: <removed>
Email: <removed>@3dbe9bb0-5aa8-4270-b4e3-cc5d1559e5ff.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Private cloud
- Hybrid cloud
- Service constraints
- This service is for hosted desktops (DaaS) provided by Venom IT only. All constraints that apply to DaaS automatically apply to this service.
- System requirements
- Hosted desktop, provided by Venom IT
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Full remote support, Mon-Fri 8am-6pm is included at no charge
24/7/365 Emergency support, included at no charge
Full weekend support and full after-hours support are charged extra. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
The three levels are (1)Office Hours (2)Out-of-office Weekdays, and (3)Weekends, with Remote/Onsite/Both permutations.
Full remote support, Mon-Fri 8am-6pm is included at no charge
24/7/365 Emergency support, included at no charge
If support is required outside of the cloud infrastructure discuss with your technical account manager the costings, as these range from £10-£60 per user PCM, depending on options taken such as Full/Remote/Onsite or Antivirus/System Monitoring/Both.
The Support levels have a standard 2 hour-response SLA. We provide on-site support as and when required if this option is taken on initial agreed contract and also provide out of office hours support for those clients that request such service. All support services we provide are handled by our in-house cloud support technicians with escalation to engineers if required. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- 1) Scoping of project 2) On-boarding and user acceptance testing 3) Handover, along with documentation 4) Follow-up, sometimes including onsite training 5) Free support calls to support line
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- That depends on the new supplier - usually a VPN is set up and all data is transferred, verified then deleted. Another option is the postage of an encrypted disk(s) but that would incur a small additional charge.
- End-of-contract process
- Usually about a week before end date, all user/company data is transferred to the new supplier via VPN, then one final sync is performed on the stipulated handover date, the transferred data is verified by the new supplier, then deleted from our servers. Transferring the client's data via VPN is free, posting encrypted physical disks will incur a reasonable charge.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The user interface is different seeing as a keyboard is emulated on-screen, unless the mobile device has a separate physical keyboard. The smaller the screen, the more difficult it becomes to edit documents, especially Excel Spreadsheets. There are user settings than can be changed to make mobile devices easier to use (e.g. mouse emulation on/off). The ideal screen size is 7" and above.
- Service interface
- No
- API
- No
- Customisation available
- No
Scaling
- Independence of resources
- Kemp load balancers and NetScaler are in place to ensure each server cluster runs at optimal efficiency. Each SAN unit has more than 50% free space (depending on compression) in order to accommodate unexpected requests from clients for more space. The SAN units run on a 40 Gb iSCSI network ensuring high performance even under high demand.
Analytics
- Service usage metrics
- No
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Not applicable - all user data is stored in standard Microsoft document format.
- Data export formats
-
- CSV
- Other
- Other data export formats
- All Microsoft document formats.
- Data import formats
-
- CSV
- ODF
- Other
- Other data import formats
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Bonded fibre optic connections
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- Downtime in any given calendar month - Credit Given: < 99.90% refunds 5% of Recurring Fees < 99.80% refunds 7.5% of Recurring Fees < 99.70% refunds 10% of Recurring Fees < 99.60% refunds 12.5% of Recurring Fees < 99.50% refunds 15% of Recurring Fees < 99.40% refunds 17.5% of Recurring Fees < 99.30% refunds 20% of Recurring Fees < 99.20% refunds 22.5% of Recurring Fees < 99.10% refunds 25% of Recurring Fees A maximum of 25% will be refunded in any given month
- Approach to resilience
- 3 DCs - 2 are in mirrored, Active-Active array, 1 runs as Backup only but can be retasked into Active mode. Additionally, services are modular in design, limiting the impact of hardware failures. Further details available on request
- Outage reporting
- Our CRM system is linked with Veeam, VMware (Vcentre) and CentraStage, and automatically creates tickets for any outages. There is also a public dashboard with optional email/text alerts (user's choice).
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- ISO27001 and ISO27017 and Venom IT Router and Switch Security Policy apply. Routers and switches must use TACACS+ for all user authentication. Telnet, FTP, and HTTP services are disallowed. Cisco discovery protocol, dynamic trunking, scripting environments, TCL shell etc are disabled. NTP is configured to standard source.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- Public key authentication (including by TLS client certificate)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- QMS International
- ISO/IEC 27001 accreditation date
- 24/10/2018
- What the ISO/IEC 27001 doesn’t cover
- Annex 11.1.5 Secure Areas (Not Applicable) Annex 11.1.6 Delivery & Loading Areas (Not Applicable)
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
-
- ISO27017
- Security to NSI Gold Approved BS5979 (Active-Active DCs only)
- PASF (Police Approved Secure Facility - Active-Active DCs only)
- Cyber Essentials
- PCI DSS (Active-Active DCs only)
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- 59 policies in total as per ISO27001 & ISO27017 for security and ISO9001 for quality. Due to the mostly flat organisational structure, reporting is done either directly to the Tech Director or the Quality Manager. Continual internal audits ensure that policies are followed, and annual external audits on ISO standards ensure compliance.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Configuration standards are mostly based on ISO standards, whilst continuous improvement is done through a combination of ISO and ITIL standards.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- ISO27017 code of practice for cloud providers applies. Threats are assessed on an ongoing basis through network audits and risk assessments. Due to the occasional release of defective patches, they are never deployed immediately but after one week. Patches are deployed on test servers first, before deployment across the entire network.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- ISO27017 code of practice for cloud providers and Venom IT Network Systems Monitoring Policy apply. Potential compromises are identified via log monitoring (Autotask tickets, NetScaler logs, server event logs, antivirus logs, firewall logs etc.) as well as pen testing. When a potential compromise is found, an emergency RFC is submitted to the CAB for faster approval. All security incidents are handled immediately.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- ISO27001 standards and ISO27017 code of practice for cloud providers apply, along with IS0 27002: Clauses 16.1.1 (Responsibilities and Procedures) and 16.1.2 (Reporting Information Security Events) and Venom IT Information Security Incident Reporting Policy.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £7 a user a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- A full, working hosted desktop will be created for each senior decision maker. This normally includes Windows, MS Office & MS Exchange (Email ) along with any other software supplied by the client. Trial period is usually 1 month and includes support.
- Link to free trial
- https://venomit.com/services/desktop-as-a-service-daas/
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at <removed>@3dbe9bb0-5aa8-4270-b4e3-cc5d1559e5ff.com.
Tell them what format you need. It will help if you say what assistive technology you use.