Castle Computer Services Ltd

Microsoft Dynamics 365 Business Central

Microsoft D365 Business Central uniquely delivers a comprehensive, end-to-end approach to business applications helping you unify data and relationships, build intelligence into your decision making
and accelerate business transformation.

Our service provides analysis, planning, design, deployment and support services for Microsoft D365 BC; Microsoft D365 BC Consultancy and licensing.


  • Application based enquiry to bank management.
  • Customer Relationship Management design, development and support.
  • Enterprise Resource Management (ERP) design, development and support
  • Field Service, Sales, Manufacturing and Marketing functions
  • Improve financial reporting
  • Connect your business and departments digitally with D365 BC
  • Streamline your supply chain
  • Role based user profiles providing access to the right data
  • Customisable workflow
  • Automated alerts, reminders and action quotes


  • Flexible delivery model designed around your requirements
  • Highly experienced and qualified D365 BC consultants and deployment team
  • Solution design and customisation to match your business requirements
  • Secure and scalable business applications environments
  • Fast access to rich and insightful customer data
  • Secure cloud based service with strong managment controls
  • Access to a global libary of plugin services
  • Monthly subscription based licencing model
  • Training and knowledge transfer to your internal support teams
  • Market-leading expertise from a MS D365 Gold Partner


£50 per user per month

  • Education pricing available

Service documents


G-Cloud 11

Service ID

4 2 1 5 2 8 2 5 7 8 0 1 0 0 0


Castle Computer Services Ltd

Paul Sutherland

01698 844600

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
System requirements
  • Supported web browser, i.e Internet Explorer, Google Chrome
  • Office integration requires Office 365 to be inplace
  • Appropriate licensing needs to be procured
  • System requirements are dependent on the project scope.

User support

Email or online ticketing support
Email or online ticketing
Support response times
The standard support SLA is one hour for responses.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Castle’s support model is based around ITIL (IT Infrastructure Library) best practice. ITIL is a best practice framework developed by the Office of Government Commerce and is rapidly becoming the worldwide de facto standard for the delivery of IT support to businesses.
Castle’s ITIL based Support methodology will then be used to ensure that the highest quality, proactive and responsive support service is provided to you.
We adhere carefully to IT industry best practice, and follow the ITIL standards (IT Infrastructure Library). Our support function is provided via our dedicated helpdesk in Strathclyde Business Park, Bellshill from where we provide high quality support to over 500 customers
We use a number of leading edge systems and software applications to help maximize our service to customers, such as:
• Cherwell service management call handling software
ITIL accredited software for handling, monitoring and reporting Castle’s service against agreed SLA’s
• Network streaming software
This allows us to take control (remote control) of any PC or server that can connect to our web site .
• And our innovative myCastle self service support portal
Support available to third parties

Onboarding and offboarding

Getting started
Based on the customers requirements we tailor the project and on-boarding process. This is dependant on modules required, users roles and business process. A typical project would include:
Software customisation
User training
System testing
Knowledge transfer.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
All customer data in relation to the services specified in the project remain the property of the customer. At the end of the contract all data will be extracted in the agreed format and within agreed timescales as detailed in the exit plan inssued at the start of the project.
End-of-contract process
The end of contract process and costs are agreed with the customer on a case by case basis depending on the size and complexities of activities.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The mobile app and desktop / browser solution offer the same functionality. The solution is responsive based on the device being used.
Service interface
What users can and can't do using the API
The API provides many extensiblity points allowing customisations including interface, data storage, reporting, workflow etc.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
API sandbox or test environment
Customisation available
Description of customisation
Customisation is provided through the many extensiblity points allowing customisations including the interface, data storage, reporting, workflow etc.


Independence of resources
Our solution is based on the Microsoft Azure online services and therfore provides a highly scalable infustructure ensuring services are not impacted by high usage.


Service usage metrics
Metrics types
Service Metrics and reports are agreed as part of the project and can include.

User Logins
Data storage etc.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
Less than once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data can be exported in a number of standard formats including, CSV and full database back-ups. The ability to export data is security controlled based on the users permissions and role.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We supply comprehensive SLA's with the customer at the start of the project, providing 99.99% avaialablity.
Approach to resilience
The Datacenters implement various technologies to achieve high level resilence, detailed information is available on request from the customer.
Outage reporting
Outages are reported to the customer, by phone, email and dashboards

Identity and authentication

User authentication needed
User authentication
Other user authentication
User authentication will vary depending on the customer requirements and will be discussed at the project stage.
Access restrictions in management interfaces and support channels
Access is restricted by security controls.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
We follow industry standards and specifically Microsoft standards
Information security policies and processes
Castle have detailed policies for IS with full senior management responsibility.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We use ITIL process with all changes requiring full documentation, risk and impact assessment and customer sign-off.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our approach is agreed with the customer at the project start, and covers vulnerability threats and possible sources. The deploying of patches are managed with the customer to ensure minimum impact on system activity.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We work with the customer to determine the best fit for monitoring the solution, our main tool for this is Solarwinds.
Incident management type
Supplier-defined controls
Incident management approach
We use the ITIL process to ensure all incidents are logged, prioritsed and tacked in line with the agreed SLAs.

Incidents can be reported by phone or email.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£50 per user per month
Discount for educational organisations
Free trial available

Service documents

Return to top ↑