Alscient Limited

Microsoft Office 365

Microsoft Office 365 delivers the power of cloud productivity to help save time, money, and free-up valued resources. Office 365 combines the familiar Microsoft's desktop suite with cloud-based versions of communication and collaboration services including Exchange, SharePoint, Office and Skype for Business to help users be productive from virtually anywhere.

Features

  • Use Office on all your devices
  • Meet whenever, wherever
  • Share with customers and partners
  • Create a professional web presence
  • Manage all services in one console

Benefits

  • Ease of use
  • Improve collaboration
  • Security services

Pricing

£3.10 to £25.70 per user per month

Service documents

G-Cloud 9

360987848882251

Alscient Limited

Jerry Catallo

0113 8000 200

jerry.catallo@alscient.com

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to All the Microsoft portfolio of software.
Cloud deployment model Public cloud
Service constraints Nothing specific
System requirements
  • Web browser access
  • Subscription based licencing

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We respond immediately (via our service desk) to a customer call in normal working hours and deliver on an agreed SLA with our customers.
Typical priority levels, response and resolution targets are:

P1 15 mins/4 hours/1 working day
P2 15 mins/8 hours/2 working days
P3 1 hour/5 Business days/Agreed delivery date

Out of hours/weekend service is available and needs to be agreed separately.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide a tailored service management agreement to meet our customer's requirements and the costs will be dependent on the actual service that is required. Plans start from as little as 8 hours per quarter, but as a guide then the typical costs for an SLA-based service including 24 hours of consultancy ranges from £2,250 per quarter. The plan has the flexibility to allow the hours to be used for support, continuous improvement, training, development, or as deemed appropriate by the customer.

Our typical priority levels, response and resolution targets are:

P1 15 mins/4 hours/1 working day
P2 15 mins/8 hours/2 working days
P3 1 hour/5 Business days/Agreed delivery date

We can also provide additional services such as an account manager, out of hours/weekend service, support engineers etc. and all of these capabilities can accommodated in your tailored service management agreement.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started The scope of activities will vary depending on the final solution.
A full on-boarding plan will be defined, approved and submitted for acceptance and will include:
• User training
• Service implementation plans to include data and system integrations
• Definition and delivery of a custom security policy
• ITIL Service Management solution to include incident, problem and change management, service desk, continual improvement plan, service monitoring and performance reviews, SLAs and service reporting packs.
• Account and service plans and schedule of meetings
• An off-boarding process and plan.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction You own your data and retain all rights, title, and interest in the data you store with Microsoft Office 365.
You can download a copy of all of your data at any time and for any reason, without any assistance from Microsoft.
Microsoft Exchange Online data, including emails, calendar appointments, contacts, and tasks, can be downloaded to a local computer by any end user at any time via the Import and Export wizards.
Microsoft SharePoint Online documents can be downloaded at any time from the workspace into your local computer.
Vanity domain names such as contoso.com can be removed by following the Domain Removal instructions in Office 365 Help.
To download a copy of end-user metadata (such as email address, first and last name, and other data), you can use PowerShell cmdlets, including the Get-MsolUser Windows PowerShell cmdlet for Microsoft Office 365. If you use Exchange Online, you can also use the Get-MailUser and Get-User Exchange PowerShell commands.
Upon expiration or termination of your Office 365 subscription or contract, Microsoft will provide you, by default, additional limited access for 90 days to export your data.
End-of-contract process Terms will be agreed for each engagement or system delivered and will reflect a minimum safe term to ensure service continuity for you.

Agreements may be terminated by either party on giving written notice prior to the agreed termination date. The notice periods will be agreed during commercial discussions.

On termination, the off-boarding plans will be executed to ensure a safe and secure winding up to the agreement and smooth handover of control and assets. This is included in the price of the contract. Any additional work will be charged for separately.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The Microsoft Office Mobile apps are optimised for touch and for the smaller screens on phones and tablets.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Microsoft provides all accessibility standards reports online.
API Yes
What users can and can't do using the API Microsoft provides all information relating to the API online.
API documentation No
API sandbox or test environment No
Customisation available Yes
Description of customisation The scope to customise Microsoft Office 365 is enormous and customer requirements can be specified, implemented, delivered and supported via Alscient. Alternatively users can customise their own implementations (depending on their level of expertise) and there is a wealth of training documentation and media online.

Scaling

Scaling
Independence of resources Microsoft is continually investing in their infrastructure to ensure a highly available service and this information is available (in detail) for their current customers as well as to all customers considering Microsoft Office 365.   They measure availability as the number of minutes that the Microsoft Office 365 service is available in a calendar month as a percentage of the total number of minutes in that month (called the uptime number). This calculation includes business, government and education services and is typically above 99.95% in every quarter.

Analytics

Analytics
Service usage metrics Yes
Metrics types This is available via the Microsoft Office 365 Trust Centre.
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold Microsoft

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach You can download a copy of all of your data at any time and for any reason, without any assistance from Microsoft.
Microsoft Exchange Online data, including emails, calendar appointments, contacts, and tasks, can be downloaded to a local computer by any end user at any time via the Import and Export wizards.
Microsoft SharePoint Online documents can be downloaded at any time from the workspace into your local computer.
Upon expiration or termination of your Microsoft Office 365 subscription or contract, Microsoft will provide you, by default, additional limited access for 90 days to export your data.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Downtime: Any period of time when Office applications are put into reduced functionality mode due to an issue with Office 365 activation.

Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula:

(User Minutes -Downtime )/(User Minutes) x 100
where Downtime is measured in user-minutes; that is, for each month, Downtime is the sum of the length (in minutes) of each Incident that occurs during that month multiplied by the number of users impacted by that Incident.

Service Credit:
Monthly Uptime Percentage/Service Credit
< 99.9%/25%
< 99%/50%
< 95%/100%
Approach to resilience Microsoft Office 365 has been designed to follow best practices in design and operational processes. It has
Redundancy - redundancy at every layer (physical, data and functional).
Resiliency - active load balancing and constant recovery testing across failure domains.
Distributed Services - functionally distributed component services.
Monitoring - extensive monitoring, recovery and diagnostic tools.
Simplification. Reduced complexity drives predictability.
Human back-up - 24/7 on-call support.
Full details of these elements are available on request.
Outage reporting A customer gets consistent communication with Microsoft Office 365 and the online productivity services cover channels such as email, RSS feeds and the Service Health Dashboard. A Microsoft Office 365 customer gets a detailed view into the availability of services that are relevant to their organization. The Microsoft Office 365 Service Health Dashboard is the window into the current status of their services and their licenses. Microsoft continues to drive improvements into the Service Health Dashboard including tracking timeliness of updates ensuring that the customer has a full insight into their services health.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Microsoft Office 365 uses Azure Active Directory (Azure AD) to manage users and to provide authentication, identity management, and access control. Details relating to this subject is published and updated regularly online and is available to current and prospective customers.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS
ISO/IEC 27001 accreditation date 15/04/2015
What the ISO/IEC 27001 doesn’t cover It covers the provision of IT consultancy, software development and systems integration. All and any other areas are not covered by the certification.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have a fully documented Information Security Management System (ISMS) which conforms to ISO 27001 (2005). We are currently upgrading this to ISO 27001 (2103) (UKAS).
The ISMS and our conformance to it is audited internally and externally on an annual basis.
All staff are fully briefed on the policies and processes and sign to confirm that they have understood and accepted the policies.
The process and policies are owned by the Head of Security who reports into the Operations Director.
Regular Management Reviews are attended by the Information Security Management Committee. This comprises of a Board Member, Head of Security, Head of Delivery, Head of Corporate Governance, CTO and others. These reviews are scheduled regularly, are minuted and a list of actions is maintained and reviewed.
The Management Committee is responsibilities include :-
• continuous improvement of the process and policies;
• Reviewing progress with any actions identified;
• Review of the effectiveness of the ISMS in light of security audits, incidents, suggestions and feedback received
• Review levels of residual and acceptable risk in light of changes in technology, statutory and regulatory requirements, business objectives and processes.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Microsoft has Message Centre, a combination of tools and information to manage ongoing changes in a customer’s environment, focused on improving communications and notifications.
Message Centre helps keep you in the loop on what is going on in your environment and new message types and pre-defined filters enable you to quickly sort through messages like:
Prevent or fix issues messages that help you identify and fix existing on-premises issues.
Plan for change messages informing our customers about changes such as feature updates and new services being added.
Stay informed messages including monthly updates summary, subscription notifications and more.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Microsoft employs a number of controls to safeguard its customers against a wide range of exploitations, all of which are founded upon industry security standards and best practices. Threat management strategy for Microsoft Office 365 involves identifying a potential threat’s intent, its capability, and probability of the successful exploitation of a vulnerability. All of this information is published and updated regularly online and is available to current and prospective customers.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Microsoft employs a number of controls to safeguard its customers against a wide range of exploitations, all of which are founded upon industry security standards and best practices. Threat management strategy for Microsoft Office 365 involves identifying a potential threat’s intent, its capability, and probability of the successful exploitation of a vulnerability. All of this information is published and updated regularly online and is available to current and prospective customers.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Microsoft employs a number of controls to safeguard its customers against a wide range of exploitations, all of which are founded upon industry security standards and best practices. Threat management strategy for Microsoft Office 365 involves identifying a potential threat’s intent, its capability, and probability of the successful exploitation of a vulnerability. All of this information is published and updated regularly online and is available to current and prospective customers.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Public Services Network (PSN)

Pricing

Pricing
Price £3.10 to £25.70 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial 30 day trial available.
Link to free trial https://products.office.com/en-GB/try

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑