Civica UK Limited

Microsoft Dynamics 365 Case Management

Implement your Case Management system using Civica Digital's Case Management Accelerator utilising Microsoft Dynamics 365. A Case Management solution enables caseworkers to systematically manage a case from creation to closure. Case information is stored centrally so all relevant correspondence, e-mails, notes, contacts are stored within the case, managed using Workflows.


  • Case Management Capability for Public Sector
  • OOB Microsoft Dynamics 365 Functionality
  • Add-Ons available; Click Dimensions, Power Bi, O365
  • Customer Facing Portal Capability
  • Public Cloud Solution with Microsoft Dynamics 365 CRM online
  • Scalable - User and Environment Based Licensing
  • Dashboards and In-Built Reporting capability
  • Accessible with multi-device support
  • Migrate to Dynamics 365 from CRM On Premise
  • Familiar easy to use interface with multi-lingual capability


  • Expert Microsoft Dynamics 365 CRM Resources
  • Scalable Operating Cost with Microsoft Dynamics CRM online
  • Fixed Monthly Cost
  • CRM Advice - Optimise your Microsoft Dynamics 365 solution
  • Dynamics 365 CRM Platform Managed Service
  • Reduced Set-Up costs
  • Cost effective flexibility: easy to add/remove users and features
  • Industry standard platform: easy migration options, supportable and extensible
  • Accessibility: users can access service from securely connected mobile devices
  • Extensive Customer Relationship Management track record and experience


£6.40 per user per month

Service documents

G-Cloud 9


Civica UK Limited

Civica UK Limited

020 7760 2800

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Our services are built upon Microsoft's Dynamics 365 cloud platform.
Cloud deployment model Public cloud
Service constraints None
System requirements
  • Processor - 1.9GHz x86- or x64-bit dual core processor
  • Memory - 2-GB RAM
  • Display - Super VGA with a resolution of 1024x768
  • Bandwidth greater than 1Megabit per second (125 KBps/Kilobyte per second)
  • Latency under 150 ms
  • Windows 10 - Internet Explorer 11, Microsoft Edge
  • Windows 8.1 - Internet Explorer 11
  • Windows 8 - IE10, Windows7 -IE10, IE12
  • Support for Mozilla Firefox, Google Chrome and Apple Safari
  • Further information can be found here -

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Civica Digital offers two levels of Cloud Support, 24x7 or Working hours only. Response times depend on the severity of the incident and are as follows: Severity Level1 - Critical 10 mins to acknowledge, 1 hour to respond, 4 hours to resolve; Severity Level2 - Severe 10 mins to acknowledge, 4 hours to respond, 8 hours to resolve; Severity Level3 - Disruptive 10 mins to acknowledge, 1 day to respond, 5 days to resolve; Severity Level4 - Minor 10 mins to acknowledge, 5 days to respond, 10 days to resolve. Microsoft platform resolution times are excluded from Civica Digital's SLA.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Civica Digital’s Service Delivery Manager (SDM) ensures support delivery against service levels defined within the Service Level Agreement (SLA) as follows: Service Level 0: 1 week response intended for non-critical systems requiring a light support service. Typically under Call-off contracts Service Level 1: 8 hour response intended for standard non-critical systems Service Level 2: 4 hour response for semi-critical systems. Service Level 3: 2 hour response for business critical systems The SDM is supported by the Civica Digital Service Desk which provides support from 08.30 to 17.30 on UK working days. The Service Desk responds to questions depending on the Severity Level of the call as follows; Severity Level 1 - Critical - The reported problem causes a halt to the Client’s core business processes and no workaround is available. Severity Level 2 - Severe - The reported problem causes degradation of the Client’s core business processes and no reasonable work-around exists. Severity Level 3 - Disruptive - The reported problem impacts the Client’s operational environment but does not affect core business processes. A work-around is available. Severity Level 4- Minor - A non-critical problem is causing some disruption but with little or no impact on the Client operation.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started During initiation the Civica Digital Delivery Manager (DM) assesses what help, support and training users require to start using the service. The DM works closely with the customer to agree an on-boarding plan that ensures users are ready to start using the service, typically priced from the SFIA rate card. The on-boarding plan may incorporate the following:
Support Documentation – availability and access to online user support documentation and resources.
Cloud Induction Training for system administrators and online product help. Provides the skills to run cloud services.
Cloud Standard Training in the core system for system champions and end users. Covers system administration, security and cloud service monitoring/managing.
Cloud Specialist Training – advanced training for system champions. This may involve Accredited Courses from Civica Digital Cloud delivery partners including Google, Amazon Web Services and Microsoft.
Cloud Training Packages, tailored package of training for specific business requirements for system administrators, business managers, and end users.
The Delivery Manager also facilitates skills transfer throughout the project and provides access to Civica Knowledge Sharing activities including supplier briefings, Webinars.
Service documentation No
End-of-contract data extraction Termination period depends on the payment model. When paying per user per month, customers may terminate their G-Cloud service with 30 days’ notice. When buying an enterprise licence, the minimum term is a year. Customers can terminate their service by contacting Civica Digital in writing.
Customers may request all associated data is extracted and provided securely to a destination of their choice (see pricing for charges associated with data extraction). If no data extraction is requested, then the associated data will be deleted within 5 working days of service termination. The three step off-boarding process is: 1. Termination Notification – one month termination notice sent; 2. Data Extraction – Optimal Data Extraction for Test Migration; 3. Service Termination – All Data Wiped.
End-of-contract process For monthly contracts, Civica Digital require 30 days’ notice to terminate a G-Cloud service. When buying an enterprise annual licence, the minimum term is a year and 3 months’ written notice must be provided. At the end of the contract, the service will be turned off unless the customer decides to extract their data as per the extraction process detailed above. Customers will be credited for any amount that has been paid beyond the termination date once the service has been terminated subject to minimum terms.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Civica Digital Services recognise that digital services are accessed “anytime, anywhere, any device”. Therefore, Civica Digital have utilised a responsive design approach to ensure a common user experience that is browser based and platform independent. The interface is optimised to run on either a mobile device or tablet depending on the size of the screen with certain elements, like menus, collapsing to take up minimal screen space as the available space reduces.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Civica Digital utilises market leading software and technologies to deliver digital services that can be accessed, without barriers, by all. Civica Digital utilise technologies that meet accessibility laws and standards. Microsoft Cloud platforms (Office 365 & Dynamics 365) are designed to the requirements of EN 301 549 and WCAG 2.0 AA. Our service interfaces are designed to enable people with limited vision, hearing, speech, mobility, and learning abilities to access, communicate and collaborate. We utilise technologies that enhance the usability by incorporating assistive technologies, ease of access settings, and a range of input devices. We continually review these based on insights from Civica Digital technology partner testing and research studies and customer feedback. We also offer built-in settings to enhance reading and writing experiences.
What users can and can't do using the API The Web API provides a development experience that can be used across a wide variety of programming languages, platforms, and devices. The Web API implements the OData (Open Data Protocol), version 4.0, an OASIS standard for building and consuming RESTful APIs over rich data sources. (Further details can be found here - The web API is part of the Dynamics 365 Software Development Kit (SDK). The SDK contains a wealth of resources, including code samples, which are designed allow powerful vertical applications to be built using the Microsoft Dynamics 365 platform. It is a guide for developers writing solutions, server-side code, client applications and extensions, custom business logic, plug-ins, integration modules and custom workflow modules.
API documentation Yes
API documentation formats HTML
API sandbox or test environment No
Customisation available Yes
Description of customisation The services and solutions that we provide within Dynamics 365 provide our clients with significant flexibility for customisation and configuration. Dynamics 365 is one of the most extensible platforms available, enabling users with sufficient permissions the ability to have a bespoke customised experience across different sections of the tenancy. Configuration can easily be applied directly within Dynamics 365’s user interface. More involved customisation is typically undertaken via use of Dynamics 365’s APIs. This empowers users with the ability to introduce customisation that allow different types of content to be viewed, created, edited or even deleted. Permissions can be set to ensure that only required users have the ability to apply customisation.


Independence of resources Microsoft make significant investment into the Dynamics 365 platform to ensure optimised performance. They additionally provide extensive support services, which help to ensure that performance issues with your tenancy are minimised. Microsoft monitor usage, demand and activity, and automatically maintain optimal infrastructure to meet each client’s specific needs – as such, as user place demand on services, Microsoft ensure that other users are not affected. Detailed guidance about performance tuning are available online, which help to ensure that your tenancy is configured to meet your organisations specific needs.


Service usage metrics Yes
Metrics types The Dynamics 365 platform provides a highly stable cloud environment, with a variety of different service analytics. One such report is Microsoft’s Dynamics 365 Service Health website, which provides real-time metrics around service performance. Each tenancy’s Admin Center provides a range of metrics within the Service Health Center, which detail current incidents and advisories affecting different services. Additional, the Admin Center provides reports on tenancy usage and security/compliance.
Reporting types Real-time dashboards


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Microsoft

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
Other data at rest protection approach For data at rest, the service deploys BitLocker with AES 256-bit encryption on servers that hold all messaging data, including email and IM conversations, as well as content stored in SharePoint Online and OneDrive for Business. BitLocker volume encryption addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers and disks. Your organization’s files are distributed across multiple Azure Storage containers, each with separate credentials, rather than storing them in a single database.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported from Microsoft Dynamics 365 through the Export to Excel feature and using web service APIs documented in the Dynamics 365 SDK. Data can also be exported using the data export service.
Data export formats
  • CSV
  • Other
Other data export formats
  • Web service APIs documented in Dynamics 365 SDK
  • Files in XML Spreadsheet, TXT, CSV, XLSX
Data import formats
  • CSV
  • Other
Other data import formats
  • Use the web service APIs documented in Dynamics 365 SDK
  • Files in XML Spreadsheet, TXT, CSV, XLSX

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks For data in transit, all customer-facing servers negotiate a secure session by using TLS/SSL with client machines to secure the customer data. This applies to protocols on any device used by clients, such as Skype for Business Online, Outlook, and Outlook on the web. See also
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network Please see and

Availability and resilience

Availability and resilience
Guaranteed availability Dynamics 365 has a contractually guaranteed availability of 99.9% based on 24 x 7 availability Please see the following link for full SLA Details: Civica Digital’s service desk is available 09:00am – 5:30pm UK Working Days. If you would like service levels to apply outside of normal service hours, then please contact us with your requirements. Where the customer is using the public cloud service then Microsoft’s SLA will apply, and Civica Digital will act as the customer’s agent to liaise with Microsoft to resolve issues. Microsoft pay service credits directly if Dynamics 365 does not meet pre-defined service levels. Credits are calculated per minute based on the whole month and come from Microsoft. Civica Digital will pass onto the customer any service credits received from Microsoft. The following credits are due for the percentage uptime: Less than 99.9% = 25% credit, less than 99% = 50% credit, less than 95% = 100% credit.
Approach to resilience Microsoft have designed Dynamics 365 to maximise reliability and minimise negative impact on their customers. The have built significant redundancy into their services, which allows them to deliver high availability to their customers. Microsoft have worked to ensure customer data is intact and unaffected by any form of Dynamics 365 resilience failure. Microsoft have engineered resilience from the infrastructure upwards, for example, they make use of peer replication between datacenters to ensure that there are always multiple copies of all data. Dynamics 365 also benefits from automated malware detection, for example, Exchange Online features layered scan engines protecting against both known and unknown threats, and service checks for updated anti-malware definitions every hour.
Outage reporting Microsoft provide a number of channels for reporting outages within Dynamics 365. The Service Health Center provides a high-level overview of any known service outage affecting Dynamics 365, making it simple for clients to establish a global overview of the current status of services. Each tenancy additionally provides granular information around known outages within the Admin Center’s Service Health facility; this details the user impact of incidents and advisories affecting the specific tenancy. The result is a comprehensive overview of any service outages.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Dynamics 365 has a comprehensive access model which can be tailored to any organisation. Administration access can be locked to individual elements and user permissions can be refined so that users have access to what they need without being able to compromise the security and availability of the platform. Civica Digital restrict administrator access solely to the teams which support the system. Development access is given to any team members on projects who need to configure and build on the platform.
Access restriction testing frequency At least once a year
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Alcumus ISOQAR Ltd
ISO/IEC 27001 accreditation date 4th May 2016
What the ISO/IEC 27001 doesn’t cover Civica Digital's ISO27001 certificate covers the full breadth of services that we deliver. The certificate does not extend to the inner workings of the Microsoft Data Centres but these are covered by Microsoft's ISO27001 certificate.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations Cyber Essentials Plus

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Civica Digital are fully ISO27001 accredited and are used to working on ultra-secure systems for the Government. Microsoft, the providers of the Dynamics 365 platform, are also ISO27001 accredited. Civica Digital’s ISO27001 implementation covers the full spectrum of services we provide including the implementation of secure systems and the ongoing support of services including those on cloud platforms. Civica Digital’s policies ensure that there is representation all the way up to board level and each division has appointed information security officers who report to the representative on the board.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Microsoft use a DevOps approach to releasing changes to the Dynamics 365 platform. Almost all operations performed on hosts and applications are automated so that human intervention is reduced to a minimum, reducing the possibility of an inconsistent configuration or a malicious activity. This automated approach allows for the easy tracking of changes as patches are rolled out through data centres worldwide.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach In support of the Information Security Policy, the service runs multiple layers of antivirus software to ensure protection from common malicious software. Servers within the service environment run anti-virus software that scans files uploaded and downloaded from the service for viruses or other malware. Additionally, all mails coming into the service run through the Exchange Online Protection engine, which uses multiple antivirus and antispam engines to capture known and new threats against the system. Microsoft has its own Security Response Center (MSRC) that also supplies information to all our customers covering the whole range Microsoft products.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Microsoft uses the Operational Security Assurance (OSA) framework since many threats target software vulnerabilities and operational weaknesses. OSA supports continuous monitoring, helps to identify operational risks, provides operational security guidelines, and validates that those guidelines are followed. OSA helps make Microsoft cloud infrastructure more resilient to attack by decreasing the amount of time needed to protect, detect, and respond to security threats. Microsoft Dynamics 365 is built upon a DevOps culture and hence patches are released multiple times a week, hence fixes can be rolled out quickly.
Incident management type Supplier-defined controls
Incident management approach Civica Digital will provide service desk support to a designated customer administrator or IT Help Desk. End users of the service experiencing service issues contact their designated administrator or help desk who will then raise an incident either by phone, e-mail or online ticket. The incident will be managed by the service desk team who will assign a priority depending on severity. The engineers will then work to resolve the incidents and any underlying problems if present. Work is overseen by the Service Delivery Manager who works with the customer and will produce monthly incident management reports.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £6.40 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Civica Digital can offer a 30 day trial of Dynamics 365 which can be used to test the features and functionality of the platform. The trial invitation includes: - 1 user license Dynamics 365 for HCM, Trial; - Delegated administration.
Link to free trial


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑