IBM United Kingdom Ltd

IBM Microsoft Dynamics 365 for Case Management

IBM's solution for Case Management provides a modern digital services and customer engagement platform based on Microsoft Dynamics 365 and the Microsoft Cloud. A powerful omni-channel platform for digital transformation and 'Digital by Default' programmes successfully deployed to over 40 UK Public Sector organisations, providing accelerated service delivery.


  • Built on Microsoft Dynamics 365 using the Microsoft Cloud (UK)
  • CRM, end to end flexible, configurable business process and workflow
  • Integrated customer self-service portal and Omni-channel support
  • Seamless integration with other Microsoft technologies e.g. cognitive services
  • Integrated powerful Knowledge Management with knowledge articles
  • Integration to other Local Authority back-office applications using Web API
  • Robust role based security model supporting GDPR compliance
  • Powerful case management and customer relationship management
  • Inbuilt business intelligence, reporting and analytics
  • Rapid service creation using Local Government specific functions


  • 'Digital by Default' solution enabling Case Management and digital transformation
  • Enabler for business transformation and modernisation
  • Platform for application consolidation and replacement
  • Public Sector Case Management functionality as standard enabling accelerated delivery
  • Powerful real-time analytics, business analysis and performance management
  • Device independent mobile-working as standard (including off-line working)
  • Single 360 degree view of the citizen including all interactions
  • Extensible and configurable platform, exploiting the full Microsoft Cloud
  • Fully maintained to latest Microsoft releases using configuration
  • Accelerate development of customer services


£5 per user per month

Service documents


G-Cloud 11

Service ID

3 9 1 4 2 0 1 3 1 1 1 0 8 3 5


IBM United Kingdom Ltd

Alice Griffin

Please email

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints Minimum Microsoft specified network and infrastructure requirements to consume Microsoft Cloud Services. Service is limited to Microsoft Dynamics 365. Service uses framework developed by IBM. Web browser required. Internet connection required. Separate Application Maintenance & Support available. IBM professional services may be required for deployment.
System requirements
  • Modern up-to-date web browser
  • Up-to-date iOS, Android or Windows device for mobile access
  • Ability to download mobile application from app stores

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Support levels are managed dependent on the severity of the issue with severity 1 being the most serious to 4 being the least serious. Details of these service levels are:

1 - High. Resolution aim within 1 to 8 hours.
2 - Medium. Resolution aim within 2 to 16 hours.
3 - Low. Resolution aim within 8 hours to 10 working days.
4 - Lowest. Resolution aim within 8 hours to 20 working days.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AAA
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support levels are managed dependent on the severity of the issue with severity 1 being the most serious to 4 being the least serious. Details of these service levels are:

1 - High. Complete stoppage of work for all users and no other options or Workaround available for work to continue/a major function is not operational that impacts all users and no other options or Workaround available. Resolution aim within 1 to 8 hours.
2 - Medium. System is not operational for one or more users and no other options or Workaround available for work to continue/a major function is not operational that impacts some users and no other options or Workaround available. Resolution aim within 2 to 16 hours.
3 - Low. A minor function of the System is not operational for one or more users, but they can continue to use other application functions. Example being a user has questions about System functionality/a user needs administrative assistance. Resolution aim within 8 hours to 10 working days.
4 - Lowest. A minor issue with very low or no visibility that has no direct impact on the application, users or revenue. Resolution aim within 8 hours to 20 working days.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Microsoft Dynamics 365 makes available comprehensive guidance, help, training and troubleshooting materials as part of the Microsoft Dynamics 365 Service. Within the Administration Portal, there are links to many of the resources available, including:
Help articles for users and administrators who need to manage Microsoft Dynamics 365.
Community forums/wikis where help articles and white papers are published
Service Health dashboard for information regarding outages/issues.

To help organisations to start using the service, IBM will provide the Solution consisting of the IBM Public Sector Solution for Microsoft Dynamics – Case Management which includes a set of pre-built configuration and customizations built on Microsoft Dynamics. This provides:
a. Public Sector Case Management-ready data schema based on customising existing Microsoft Dynamics entities and adding new ones;
b. a range of Public Sector Case Management features and processes to simplify key activities;
c. a Solution Generator which speeds up the process of generating ublic Sector services/processes together with the ongoing maintenance and release management between Microsoft Dynamics environments;
d. a set of pre-built configurations and customizations for the Microsoft portals for delivering integrated customer self-service.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Several data extract options are offered to support offboarding. An Advanced Find query can be configured with all data required for export and then exported to Excel / CSV etc. The Data Export service adds the ability to replicate Dynamics 365 data to a Microsoft Azure SQL Database store. The Software Development Kit (SDK) can also be used.
End-of-contract process No more than 180 days after expiration or termination of Customer’s use of an Online Service, Microsoft will disable the account and delete Customer Data from the account.

A termination will be effective at the end of the monthly Subscription cycle during which the buyer terminates the Subscription or reduces the number of User Licenses. The buyer must pay for the period prior to the termination effective date.

If the buyer terminates a one year Subscription within 30 days of the date on which the Subscription became effective or was renewed, the buyer must pay for the initial 30 days of the Subscription. No
payments will be due for the remainder of the Subscription.

Buyers wishing to offboard from the service should refer to the subscription cancellation section within the Microsoft Dynamics Customer Centre. Buyers offboarding from the service are able to extract their information beforehand; online guidance details how to export information into Excel format, and customers can also request a copy of the Microsoft Dynamics 365 Online SQL Database by referring to

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service You can access Microsoft Dynamics 365 data from mobile devices by installing and using the apps for Windows, iOS, and Android mobile devices, or you can run the Dynamics 365 web app on the device’s preferred browser. The Dynamics 365 mobile apps can be downloaded from the appropriate app store at no charge and they support Windows / iOS & Android devices. The mobile app gives a rich user experience that allows users to access many of the same features they would use via the desktop browser, while also leveraging capabilities of the mobile device such as GPS & camera.
Service interface No
What users can and can't do using the API The web API provides a development experience that can be used across a wide variety of programming languages, platforms, and devices. The Web API implements the OData (Open Data Protocol), version 4.0, an OASIS standard for building and consuming RESTful APIs over rich data sources. (Further details can be found here -

The web API is part of the Dynamics 365 Software Development Kit (SDK). The SDK contains a wealth of resources, including code samples, which are designed allow powerful vertical applications to be built using the Microsoft Dynamics 365 platform. It is a guide for developers writing solutions, server-side code, client applications and extensions, custom business logic, plug-ins, integration modules and custom workflow modules.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Microsoft Dynamics 365 is a highly customisable and flexible business application. The bulk of the customisations can be carried out without requiring custom development. This includes amending and creating new entities, forms, view and workflow processes. For cases that do require custom development, Microsoft provides a software developer kit (SDK).

The IBM Social Housing solution is highly customisable via powerful and intuitive point and click interfaces. These include configurable workflow, business logic and customer service processes.

Business process can be quickly configured, mapped and managed via the solution. These business processes can be routed to the appropriate individual or team with associated service levels to ensure they can be managed in a controlled and consistent manner.

Forms & fields can also be added and amended to mirror the users organisation and ensure customer interaction can be dealt with as efficiently and effectively as possible.

Any documents or communication can also be customised to be generated (this can be done automatically) as part of a business process to ensure customers receive timely and effective communication.


Independence of resources Microsoft have invested heavily in cloud based data centres and therefore are able to provide a comprehensive service level agreement for your organisation. Microsoft provides a financially backed service level of 99.9% uptime for the solution. If this level drops then service credits will be issued by Microsoft. There is a built in elasticity within the data centre to ensure that customers will not be impacted based on others usage.


Service usage metrics Yes
Metrics types Dashboards & reports are a powerful feature in Microsoft Dynamics 365. Information can be assembled and presented from several places in Microsoft Dynamics 365 in a quickly-read format. Dashboards & reports are easy to create, and are easy to revise as your changing business needs require.
Reporting types Real-time dashboards


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Microsoft

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach AES 256bit Symmetric SQL Transparent Data Encryption (TDE).
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Several data extract options are offered, one is to select any system data (such as a set of contacts) and export to Excel as either a static or dynamic worksheet. The Data Export service adds the ability to replicate Dynamics 365 data to a Microsoft Azure SQL Database store. Another option is to use web service APIs documented in the Dynamics 365 SDK
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • XLSX
  • XLS
  • XML
  • HTML
  • TXT
  • ODS
  • PDF
  • DIF
  • XPS
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • TXT
  • XLSX
  • ZIP

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks Safeguards are applied on multiple fronts, including: securing the web application with SSL; custom-defined security roles which govern what users can access and the actions they can perform; field-level security; full business data auditing; and stringent physical security of Microsoft data centers, including building and system/database access. Additionally, the application itself uses standard security features of the Microsoft software infrastructure.

Dynamics 365 is deployed in Microsoft datacenters, protected by defense-in-depth security that includes perimeter-fencing, video cameras, security personnel, secure entrances, and real-time communications networks. The defense-in-depth security continues through every area of the facility and to each physical server unit.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network The networks within the Microsoft Dynamics 365 data centers are designed to create multiple separate network segments within each data center. This segmentation helps to provide physical separation of critical, back-end servers and storage devices from the public-facing interfaces.

Availability and resilience

Availability and resilience
Guaranteed availability Microsoft Dynamics 365 is covered by a financially backed guarantee 99.9% monthly availability.
Approach to resilience The service has multiple layers of monitoring in place. The infrastructure/platform layer is monitored for events related to provisioning, service failures, and threshold attainment (such as memory consumption). Each instance of a customer’s Microsoft Dynamics 365 data is written locally twice within the same primary datacenter as well an asynchronous sync to a secondary datacenter on the same continent for a total of four copies, in the event a failover is required. Microsoft Dynamics 365 operates in geographically distributed Microsoft facilities. Each facility is designed to run 24x7x365 and employs various measures to help protect operations from power failure, physical intrusion, and network outages. These datacenters comply with industry standards (such as ISO 27001) for physical security and availability.
Outage reporting Service disruption notification emails go out to all Dynamics 365 Online System Administrators when there is downtime involved.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels Access to management interfaces and support channel is limited to Office 365 Global or Dynamics Administrators.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Standards Institution (BSI)
ISO/IEC 27001 accreditation date Original Registration Date 29/02/2012
What the ISO/IEC 27001 doesn’t cover Microsoft Dynamics 365 is covered by ISO/IEC 27001
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 05/04/2012
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover Self Assessment
PCI certification No
Other security certifications Yes
Any other security certifications SSAE 16 SOC 1 Type II

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes IBM has an Information Technology (IT) Security policy that establishes the requirements for the protection of IBM's worldwide IT systems and the information assets they contain, including networks and computing devices such as servers, workstations, host computers, application programs, web services, and telephone systems within the IBM infrastructure. IBM’s IT Security policy is supplemented by standards and guidelines, such as the Security Standards for IBM's Infrastructure, the Security and Use Standards for IBM Employees and the Security Guidelines for Outsourced Business Services. Such are reviewed by a cross-company team led by the IT Risk organization every six months.

IBM has a dedicated Vice President of IT Security who leads a team responsible for IBM's own enterprise data security standards and practices. Responsibility and accountability for executing internal security programs is established through formal documented policies. IBM Services teams also have dedicated executives and teams who are responsible for information and physical security in the delivery of our client services.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Microsoft Dynamics 365 has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Microsoft Dynamics 365 Online implements technologies to scan the environment for vulnerabilities. Identified vulnerabilities are tracked and verified for remediation. In addition, regular vulnerability/penetration assessments to identify vulnerabilities and determine whether key logical controls are operating effectively are performed.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Proactive monitoring continuously measures the performance of key subsystems of the Microsoft Dynamics 365 platform against the established boundaries for acceptable service performance and availability. When a threshold is reached or an irregular event occurs, the monitoring system generates warnings so that operations staff can address the threshold or event. System performance and capacity utilization is proactively planned to optimize the environment.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach An incident management framework has been established and communicated with defined processes, roles and responsibilities for the detection, escalation and response of incidents. Incident management teams perform 24x7 monitoring, including documentation, classification, escalation and coordination of incidents per documented procedures. Events, thresholds and metrics have been defined and configured to detect incidents and alert the appropriate Microsoft Dynamics 365 teams.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Public Services Network (PSN)


Price £5 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Microsoft provide a free 30 day trial of the Dynamics 365 solution. Users are able to assess the functionality available within the solution including Customer Service, Field Service, Marketing and Analytics. The trial version is for the base Dynamics 365 application and does not include the additional IBM accelerator.
Link to free trial

Service documents

Return to top ↑