Nexus Open Systems Ltd

Nexus CloudSTEP for Microsoft Teams

CloudSTEP for Microsoft Teams provides a complete end-to-end solution for Microsoft’s Teams solution. CloudSTEP is based upon Microsoft's Framework Guidance for Cloud Voice, a stringent set of guidelines to ensure deployment success through comprehensive planning, delivery and operating phases. Underpinned by UC Assurance our leading unified communications support service.

Features

  • Delivers a full cloud situation voice solution
  • Flexible billing on a per user per month basis
  • End-to-end solution based on Microsoft Teams
  • Aligned to the Microsoft Framework Guidance for Cloud Voice (FGfCV)
  • Full discovery and envisioning through workshops
  • Comprehensive planning from deployment, configuration to support
  • Leasing options for headsets and handsets
  • Leverage our leading unified communications support service
  • Voice calls, instant messaging, audio and video conferencing
  • One hour Service Level Agreement for support issues

Benefits

  • Gain access to an entire unified communications platform
  • Comprehensive support from Microsoft Gold Partner
  • Leverage existing Office 365 subscriptions
  • Deployment success assured through close guidance
  • Nexus provide the first port of call for product support
  • Providing an interface between organisations and the Microsoft Cloud
  • Eliminate the need for traditional PBX hardware
  • Telephone numbers reside in the Microsoft Cloud
  • Migration paths from existing telephony systems and lines
  • Reduce capital expenditure through leasing options

Pricing

£10 per user per month

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

2 7 7 7 3 9 5 7 1 9 9 6 9 6 0

Contact

Nexus Open Systems Ltd

Chris Goodwill

01392 205095

sales@nexusos.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Microsoft provide planned maintenance notifications which will inform customers about service infrastructure work that might affect some Cloud Services. The scheduling of this maintenance can be viewed online.
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard SLA is for 2 hours response for Critical issues; 4 hours response for Major issues and 8 hours response for Minor issues.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
None as yet
Onsite support
Yes, at extra cost
Support levels
Support Levels: Basic - Service Desk Facility; Incident & Problem Management; Dedicated Account Management; Third Party Liaison; Escalation Procedure; Remote Support; Access to Customer Portal. Standard - Service Desk Facility; Incident & Problem Management; Dedicated Account Management; Third Party Liaison; Escalation Procedure; Remote Support; Access to Customer Portal; Service Level Agreement; Remote Monitoring & Alerting. Advanced - Service Desk Facility; Incident & Problem Management; Dedicated Account Management; Third Party Liaison; Escalation Procedure; Remote Support; Access to Customer Portal; Service Level Agreement; Remote Monitoring & Alerting; Annual IT Strategy; Monthly Remote Health Checks; Proactive Monitoring & Alerting; On-site Support. Support cost: Pricing is dependant on customers infrastructure and environment A dedicated Technical Account Manager is assigned to each customer and our Service Desk team includes Cloud Support Engineers.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We follow a defined process for on-boarding new clients to ensure that they have the assurance of our help, whilst at the same time remain in control of the cloud services which are often at the core of their business. Through the on-boarding process Nexus will complete a detailed assessment of: • Client’s strategic vision • Organisational culture • Current and future objectives • Desire business outcomes • Potential improvements to existing business processes • Project and programme delivery resources • Current governance and programmes. We can provide onsite training to our clients as well as instruction at our own training centre. User documentation is provided by way of client portal guide
Service documentation
No
End-of-contract data extraction
You own your data and retain all rights, title, and interest in the data you store with Microsoft Teams.
You can download a copy of all of your data at any time and for any reason, without any assistance from Microsoft.
Exchange Online data, including emails, calendar appointments, contacts, and tasks, can be downloaded to a local computer by any end user at any time via the Import and Export wizards.
SharePoint Online documents can be downloaded at any time from the workspace into your local computer.
Vanity domain names such as contoso.com can be removed by following the Domain Removal instructions in Office 365 Help.
To download a copy of end-user metadata (such as email address, first and last name, and other data), you can use PowerShell cmdletscommand let, including the Get-MsolUser Windows PowerShell cmdletcommand let for Office 365. If you use Exchange Online, you can also use the Get-MailUser and Get-User Exchange PowerShell commands.
Upon expiration or termination of your Phone System subscription or contract, Microsoft will provide you, by default, additional limited access for 90 days to export your data.
End-of-contract process
There are no additional costs at the end of the contract.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Different mobile devices work with Phone System in different ways, Microsoft provide detailed information online regarding compatibility and functionality.
Service interface
Yes
Description of service interface
Application client and web browser
Accessibility standards
WCAG 2.1 A
Accessibility testing
The interface is provided by Microsoft and has been extensively tested with assistive technology
API
Yes
What users can and can't do using the API
The new Skype Developer Platform provides opportunities to customize and extend the capabilities not only with Phone System but also through Skype. Full details regarding the Skype Developer Platform and the APIs compatible with Phone System can be found online
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
No
Customisation available
No

Scaling

Independence of resources
Microsoft Teams as part of Office 365 is built on Azure which is a multi-tenant service, meaning that multiple customers’ deployments and virtual machines are stored on the same physical hardware. Azure, provides geographically dispersed regions around the world. These platforms also provide capabilities that support availability and a variety of disaster recovery scenarios. Azure has resiliency and disaster recovery built in to many of its services.

Analytics

Service usage metrics
No

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
You own your data and retain all rights, title, and interest in the data you store with Office 365 including through Microsoft Teams.
You can download a copy of all of your data at any time and for any reason, without any assistance from Microsoft.
Exchange Online data, including emails, calendar appointments, contacts, and tasks, can be downloaded to a local computer by any end user at any time via the Import and Export wizards.
SharePoint Online documents can be downloaded at any time from the workspace into your local computer.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
This service is underpinned by a Microsoft Service Level Agreement (SLA) which describes Microsoft’s commitments for up time and connectivity. For this service, availability of at least 99.95% is guaranteed. The following monthly up time limits attract the indicated service credits. <99.95% (10%); <99% (25%); <95% (100%).
Approach to resilience
Available on request
Outage reporting
A public dashboard shows the status of the service. Email alerts are available from the Office 365 Service Health Dashboard RSS Feed.

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
Nexus manage access to management interfaces and support channels through the use of Named Contacts. Those users who require access to management interfaces and support channels such as the client portal must apply for access through their organisation to the Nexus Service Desk. These user applications are then reviewed and approved or rejected with the individual recorded as a Named Contact for the particular service and appropriate credentials provided.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Standards Institute
ISO/IEC 27001 accreditation date
15/10/2016
What the ISO/IEC 27001 doesn’t cover
In addition to having the BSI verify the compliance of Office 365 and Dynamics 365 with ISO/IEC 27001, we have asked the BSI to review more than 20 additional privacy controls that we built into the services to better align it with comprehensive European data protection regulations. We have taken this unique approach to help our European customers understand the protections we have put in place to help them satisfy the specific expectations of both European citizens and European regulators. M any customers consider EU privacy regulations to be the strictest in the world, so our work to align our controls with EU privacy regulations helps all customers that value data protection and privacy.Our ISO 27001 certifications and audits by the BSI thus enable all our customers to evaluate how Microsoft meets or exceeds the standards and implementation guidance against which we are certified. The full results of BSI’s findings are included in its ISO/IEC 27001 audit reports on Office 365 and Dynamics 365, summaries of which are available to Office 365 and Dynamics 365 customers upon request.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes
Nexus hold and maintain an Information Security Policy. We have an Information Security Office (ISO) who is responsible for the development, management and enforcement of the policy across our organisation.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Nexus have a configuration management process for tracking changes in the specification of our services and products, this is managed centrally. Nexus also implement a full change management process for assessing and if appropriate executing any changes to services and products.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
One key operational best practice that Microsoft uses to harden its cloud services is known as the “assume breach” strategy. A dedicated “red team” of software security experts simulates real-world attacks at the network, platform, and application layers, testing Office 365's ability to detect, protect against, and recover from breaches. By constantly challenging the security capabilities of the service, Microsoft can stay ahead of emerging threats.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Microsoft security researchers are constantly on the lookout for threats. They have access to an expansive set of telemetry gained from Microsoft’s global presence in the cloud and on-premises. This wide-reaching and diverse collection of datasets enables Microsoft to discover new attack patterns and trends across its on-premises consumer and enterprise products, as well as its online services. As a result, Security Center can rapidly update its detection algorithms as attackers release new and increasingly sophisticated exploits. In the event that customer data is compromised, Microsoft will notify its customers.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
All Incident tickets will be recorded in the Nexus Service Desk system under the Incident Management workflow. All new Incident tickets will undergo an initial impact assessment. Nexus will further look to determine the number of users/systems affected and establish the commercial impact to the customer’s environment. We have a knowledge base to be able to check for common events. Users can report incidents by phone, email or through their client portal. Incidents are included in any appropriate service monthly ticket summary reports.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£10 per user per month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Full featured trial, valid for 30 days

Service documents

Return to top ↑