FCO Services

FCO Services - Cirrus 360

FCO Services Cirrus360 is a complete end user solution providing a Private Cloud-based version of Microsoft's Office software coupled with connectivity, identity management and end user devices.


  • Accredited at OFFICIAL, connected via the PSN Protected Service
  • Fully monitored by our Security Operations Centre - 24x7x365
  • UK Sovereign Datacentres staffed by DV Security Cleared Personnel
  • SLA of 99.9% uptime with 24x7x365 support
  • Single Sign On for ease of use (Hybrid)
  • Remote Access from multiple devices, not location dependant
  • Up-to-date tools and applications
  • Backup/Disaster Recovery from secondary Datacentre
  • Registered Participant Status for the EU Code of Conduct (Datacentres)


  • Faster, increased data sharing intra/inter departments across Government
  • Utility pricing - Pay for usage with no maintenance
  • Full operational support 24x7x365 from our Global Support Centre
  • Enables smarter working accessing the required applications irrespective of location
  • Microsoft based, with a familiar, intuitive interface reducing deployment costs
  • Connected to the PSN Protected Service for enhanced security
  • Resilient, operating from two locations with independent power supplies
  • Can be integrated with current services and data
  • Deliver the applications users need without complex, costly refresh programmes


£0.49 per user per day

Service documents

G-Cloud 10


FCO Services

Elizabeth Arneill

01908 515789


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Office 365
Cloud deployment model Hybrid cloud
Service constraints No
System requirements A login device compatible with the Cirrus solution and network

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Level 1 - P1 incidents have a response target of 30 minutes
Level 2 - P2 incidents have a response target of 30 minutes
Level 3 - P3 incidents have a response target of 4 working hours
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Standard support is included in the standard price and includes email and phone support 9-5 Monday to Friday.

Enhanced support is available to cover 24 hours and day 7 days a week support.

Technical account management, Service Delivery management and Cloud support engineers are accessible for customers choosing enhanced support and bespoke support contracts.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started End user documentation is provided as part of the implementation and hand over. Additional onsite or online training can be provided as an additional service.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Customers can extract their data in a range of formats. In addition FCO Services can provide assistance or services to move data from an existing network or email system.
End-of-contract process The service is designed so that customers have the ability to extract their data from the service at any time. Upon termination or expiration of the customer’s subscription, the customer may contact FCO Services and request that:
a) Their accounts be disabled and all data deleted (in accordance with CESG assured processes); or
b) The customer data is retained in a limited function for a maximum of 28 days after expiration or termination of the service so that further data may be extracted.

Using the service

Using the service
Web browser interface No
Application to install Yes
Compatible operating systems Windows
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility Accessible via Windows 10 EUD.
Accessibility testing .
What users can and can't do using the API SharePoint, Exchange and Lync Powershell
API documentation Yes
API documentation formats Other
API sandbox or test environment No
Customisation available Yes
Description of customisation Additional Office 365 modules can be added to the service.


Independence of resources The service uses Private Cloud infrastructure to ensure that demands can be met through on going monitoring and automated service provisioning.


Service usage metrics Yes
Metrics types Service Metrics are provided as part of regular reports from Account Mangers and Service Delivery Managers.
Reporting types Regular reports


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Microsoft

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Secure site, double fence perimeter. Access control to site via car or foot. Additional access control to data centre building and layered control to data centre halls. Perimeter CCTV.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users can export their data in a range of standard Microsoft formats, including: .xls, csv, doc, pdf, ppt
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability This service is delivered with a target availability of 99.9%.
Approach to resilience Detailed service is design is available on request.
Outage reporting Communication is sent out via your Service Delivery Manger (SDM) on a per customer basis.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Other
Other user authentication There are a range of options available, from username and password as a minimum to 2-factor authenication or identify federation.
Access restrictions in management interfaces and support channels The management interfaces and support channels are only available from devices owned and managed by FCO Services and with accounts that have 2 factor authentication.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
  • Other

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Approach is based on ISO27001 and HMG standards including IS1/IS2.
Information security policies and processes FCO Services works towards ITIL Best practice and are ISO 9001 Accredited.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach FCO Services will follow the defined ICT Operations Change Process. The Change Management process will ensure that IT and the business can be kept aligned with optimal efficiency and minimal disruption, re-work and risk by means of the consistent and effective management of the necessary changes needed to maintain alignment to ISO9001. The FCO Services will be under management of the standard ICT Operations Configuration Management policies ensuring configuration is visible and understood by all parties.
Vulnerability management type Undisclosed
Vulnerability management approach Regular vulnerability scans are conducted and remediation activity conducted. Identified vulnerabilities are added to the risk register if not remediated.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Protective monitoring is aligned to HMG Good Practice Guide 13 (GPG13).
Incident management type Undisclosed
Incident management approach FCO Services uses a Multifaceted process driven by SLA and priority to ensure our user are operating as normal as soon as possible

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Public Services Network (PSN)


Price £0.49 per user per day
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑