Version 1 Solutions Limited

Office 365 / SharePoint as a Service

Version 1 have combined our track record and expertise in Office 365 / SharePoint applications and environments to provide customers with a support solution that ensures their Office 365 /SharePoint infrastructure and applications are being actively monitored and managed to the highest standards, ensuring optimum availability, reliability and performance.

Features

  • Advice on best practice in relation to governance
  • Real-time KPI monitoring
  • Proactive maintenance
  • Comprehensive periodic SharePoint Health checks
  • Reactive support to issues that arise
  • Installation and Migration Services
  • SharePoint accelerators available
  • Capacity planning, street testing and quality assurance
  • ITIL, ISO 20000, ISO 27001 certified managed service
  • Sectors: Healthcare, Ambulances/GRS, Police, Local Government, Central Government, Higher Education

Benefits

  • Information Governance Processes and Procedures supported
  • ISO15489, MoReq2010 and TNA Compliance supported
  • Rapid implementation of SharePoint Solutions
  • Improved collaboration and knowledge management
  • Platform for Digital Transformation
  • Microsoft Gold Partner: Azure Specialisation in Apps Modernisation
  • Service Reliabilty Engineering / Next Gen - Managed Service

Pricing

£10.00 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendernotices@version1.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

3 2 1 6 9 4 8 7 3 4 0 1 9 8 9

Contact

Version 1 Solutions Limited Matt Gorman
Telephone: +44 203 859 4790
Email: tendernotices@version1.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Microsoft Service Descriptions are available at https://technet.microsoft.com/en-us/library/office-365-service-descriptions.aspx and https://docs.microsoft.com/en-gb/microsoft-365/enterprise/services-overview
System requirements
  • Currently supported web browser
  • Communications link with sufficient capacity for the service
  • See also - https://docs.microsoft.com/en-gb/azure/

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard SLA covers Office Hours:
1 hour priority calls
4 hour response standard
Can be tailored to customer requirement including weekend cover
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
Version 1 uses Skype for our web chat support. The following is a list of devices with supported accessibility features available for Skype on Windows 8 desktop:

• Narrator screen reader enables blind people to use their computer or other device as its purpose is to read text on the screen aloud. Skype for Windows desktop and Skype for Windows 8 may also work well with third-party screen readers such as NVDA (free download) and JAWS.
• High-contrast settings benefit low vision users and users with little or no color perception as it makes text easier to read.
• Magnifier is a feature intended for low vision users as it enlarges the screen and makes text easier to read and images easier to see
Onsite support
Yes, at extra cost
Support levels
The Managed Service provided by Version 1 is based on our ISO 20000 processes and procedures. The ISO 20000 standard held by Version 1 since July 2011, is aligned to the ITIL service framework and covers standard service processes such as Incident Management, Change Management and Release Management . During on-boarding we can tailor these processes and agree the detail of their implementation, in particular how they integrate with the client’s own internal processes. There is an additional charge for this tailoring which can be incorporated in the on-boarding costs. Version 1 has an ITIL based Service Governance structure in place for each client to ensure SLAs are met and the overall support service is managed in a responsive, customer-focused manner. The focus of the service governance will be a regular Service Management Board or Service Review Meeting attended by key stakeholders. Each managed service client is assigned a service manager to co-ordinate their service provision and ensure customer satisfaction levels are maintained. At Version 1, Continuous Service Improvement as a core element of our Managed Service offering and we incorporate it into the client's Managed Service at the outset of our engagement
Support available to third parties
Yes

Onboarding and offboarding

Getting started
A critical aspect of any project is the need to conduct comprehensive training for the users in the use of the application. Version 1 is committed to conducting professional training to ensure that users of the system can gain maximum benefit from using it.
Version 1 normally propose a ‘train the trainer’ approach to user training be adopted, integrated with the testing and overall acceptance phase of the project. This requires a difference in approach from standard training courses, as users need to be trained in both the application and in how to pass this on to their colleagues.
A number of “super users” for the system should be nominated by the client and could also be identified through a Training Needs Analysis process
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Version 1 will assist with service migration and can provide a data extract in an agreed format.
End-of-contract process
The migration work at end-of-contract will be chargeable based on the standard G-Cloud rate card.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The service is optimised for mobile, desktop and tablet use and there are differences. Core functionality is available across all platforms. See https://support.office.com/en-us/article/Office-Online-browser-support-AD1303E0-A318-47AA-B409-D3A5EB44E452
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Please see https://technet.microsoft.com/en-us/office/dn788774.aspx

Scaling

Independence of resources
Please see http://www.microsoft.com/en-us/download/details.aspx?id=54249

Analytics

Service usage metrics
Yes
Metrics types
System Users
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft, Automated Intelligence

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
Other data at rest protection approach
For data at rest, Office 365 deploys BitLocker with AES 256-bit encryption on servers that hold all messaging data, including email and IM conversations, as well as content stored in SharePoint Online and OneDrive for Business. BitLocker volume encryption addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers and disks. Your organization’s files are distributed across multiple Azure Storage containers, each with separate credentials, rather than storing them in a single database.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Version 1 can provide a data extract in an agreed format
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
See https://products.office.com/en-us/business/office-365-online-data-portability
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
Please see http://fasttrack.microsoft.com/office/onboard/50

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
See Microsoft's Online Service Terms at http://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=13655
Approach to resilience
Please see https://www.microsoft.com/en-us/cloud-platform/global-datacenters and https://www.microsoft.com/en-us/TrustCenter/
Outage reporting
Via the service status portal

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Office 365 comes with a set of administrator roles that you can assign to users in your organization. Each admin role maps to common business functions, and gives those people permissions to do specific tasks the Office 365 admin center.

https://support.office.com/en-gb/article/About-Office-365-admin-roles-da585eea-f576-4f55-a1e0-87090b6aaa9d?ui=en-US&rs=en-GB&ad=GB

https://support.office.com/en-gb/article/Assign-admin-roles-in-Office-365-eac4d046-1afd-4f1a-85fc-8219c79e1504?ui=en-US&rs=en-GB&ad=GB"
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Certification Europe
ISO/IEC 27001 accreditation date
29/07/2015
What the ISO/IEC 27001 doesn’t cover
The scope of the certification covers all Version 1 Managed Service activities
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Version 1 recognise that the relationship between information security and IT service management is so close that we implemented an Integrated Management System (IMS) that has been certified to ISO 27001:2013 and ISO 20000-1:2011 with matching scopes.
The Version 1 IMS is based on the guidance provided in the International Standard for the Corporate Governance of IT (ISO/IEC 38500) and the International Standard for Risk Management (ISO 31000).
The Version 1 IMS has a broad scope that supports all of our ICT services.
The Version 1 IMS is audited every 3 months, alternately by internal and external auditors.
An Information Security Officer along with the IT Governance Committee are responsible for maintaining the IMS, as well as providing advice and guidance on policy implementation.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Verison 1 has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001 and ISO 20000
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
In support of the Information Security Policy, Office 365 runs multiple layers of antivirus software to ensure protection from common malicious software. Servers within the Office 365 environment run anti-virus software that scans files uploaded and downloaded from the service for viruses or other malware. Additionally, all mails coming into the service run through the Exchange Online Protection engine, which uses multiple antivirus and antispam engines to capture known and new threats against the system. .
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Office 365 employs sophisticated software-defined service instrumentation and monitoring that integrates at the component or server level, the datacenter edge, our network backbone, Internet exchange sites, and at the real or simulated user level, providing visibility when a service disruption is occurring and pinpointing its cause.

Proactive monitoring continuously measures the performance of key subsystems of the Office 365 services platform against the established boundaries for acceptable service performance and availability. When a threshold is reached or an irregular event occurs, the monitoring system generates warnings so that operations staff can address the threshold or event.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Microsoft has developed robust processes to facilitate a coordinated response to incidents.
• Identification – System and security alerts may be harvested, correlated, and analyzed.
• Containment – The escalation team evaluates the scope and impact of an incident.
• Eradication – The escalation team eradicates any damage caused by the security breach, identifies root cause for why the security issue occurred.
• Recovery – During recovery, software or configuration updates are applied to the system and services are returned to a full working capacity.
• Lessons Learned – Each security incident is analyzed to protect against future reoccurrence.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)

Pricing

Price
£10.00 a user a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendernotices@version1.com. Tell them what format you need. It will help if you say what assistive technology you use.