Computacenter (UK) Ltd

Computacenter - Managed Windows 10 & Office Pro-Plus Evergreen

Computacenter's Managed Evergreen service helps organisations to test, deploy and manage Windows 10 Feature Releases & Office Pro-Plus every six months or annually. It is a comprehensive solution designed to minimise deployment time whilst managing risks, to keep your OS and Office 365 Pro-Plus platform up to date.


  • Using analytics to capture end-user device estate details during deployment
  • Integration of tooling to automate processes
  • Automatically make users ready for deployment based on agreed conditions/compatibility
  • Orchestration tools automatically deploy to users when ready
  • Option to automate User Acceptance Testing
  • End to end service management


  • Evergreen Management as extension to W10 Transformations
  • Option to include Microsoft Office365 within same Evergreen process
  • Option to include Hardware refresh as part of deployment
  • Minimise Time to Deploy
  • Managed Risk
  • Automatic tracking of deployment status


£22 per device per year

Service documents

G-Cloud 10


Computacenter (UK) Ltd

Frameworks Team

+44 (0) 1707 631000

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints The Customer must be licensed (or prepared to purchase Microsoft license) to use Windows 10
System requirements Windows 10 License agreement

User support

User support
Email or online ticketing support Email or online ticketing
Support response times As per agreed SLAs
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels N/A - This is a KPI driven service
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We have a minimum period of approx 8 weeks to on-board a customer - set up of technology and infrastructure required to deliver the service.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Yes - The data will remain within the customers infrastructure.
End-of-contract process We will conduct an off-boarding service to close the service.

Using the service

Using the service
Web browser interface No
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility N/A
Accessibility testing N/A
Customisation available No


Independence of resources As part of the service, Computacenter will carry out a infrastructure readiness assessment to ensure that users are not affected by demand levels.


Service usage metrics No


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Microsoft (OS). HP, Lenovo, Dell, Microsoft, Apple (Devices)

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach N/A as the data remains within the customers infrastructure
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability N/A
Approach to resilience N/A
Outage reporting A combination of reporting tools will deliver service reports. Individual user outages are reported through incidents or created by Computacenter on behalf of the customer i.e. before customer is aware of it happening

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels This will be defined with the Customer through delegated control access.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 28/05/2016
What the ISO/IEC 27001 doesn’t cover Our ISO/IEC 27001 certification covers all our managed service people, processes and IT systems. The areas of our business not covered are those that fall outside the following:
The scope of Certificate number IS 516767 is for the Group Information Security Management System in relation to the UK based Information Services Division encompassing data centre, telephony, system development, implementation, operations, administration and maintenance functions for Computacenter Group Systems, UK Corporate IT Systems and Customer Facing IT Systems including the Managed Services – Service Management Tool Suite (SMTS). This is in accordance with the Statement of Applicability v4.0 dated 10/02/2016.
The scope of Certificate number IS559935 is for the protection of Computacenter and customer information that is accessed, processed or stored by personnel of the Service Operations Division Operational Support and Data Centre Services teams. This is in accordance with Statement of Applicability v6.5 dated 19/07/2016.
The scope of Certificate number IS 621751 is for protection of information that is accessed, processed or stored by personnel providing Computacenter contracted Desktop Infrastructure Services including Service Management, ITIL Service Lines, Supply Chain Services, Service Operations Engineering Support, Project Support and Operational Security.
This is in accordance with Statement of Applicability v3.4 dated 09/11/2015.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification GemServ
PCI DSS accreditation date January 2017
What the PCI DSS doesn’t cover Only the data centres for the specific controls of Requirements 9 – Restrict physical access to cardholder data and 12 - Maintain a policy that addresses information security for all personnel of PCI DSS v3.1, which is not relevant for this service.
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes The Group ISMS contains a consistent security assurance framework and accompanying baseline set of Information Security Policies that are to be used throughout the Computacenter Group.
Information Security Policies define the minimum security standards for the Computacenter Group. They consist of technical, procedural and staff behavioural rules that work in concert to preserve the security aspects of Computacenter IT Systems and the information that they process.
The Group ISMS Information Security Policy set is divided into categories covering topics such as Information Security Management, End-user responsibilities and Acceptable Usage plus technology specific security requirements.
An 'Acceptable use Policy' (AUP) document is included in the Policy set, as a minimum, which must be read and understood, for ensure employee’s know their obligations and comply with this and any other Security Policies that relate to their role in the organisation.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our Group Change Management service is based on ITIL best practice and has the primary objective of protecting the client production services from outage and disruption resulting from change. Our Group Change Management team acts as the primary interface for the client to control changes to IT Infrastructure. The process is applied and governed to ensure that changes are recorded, evaluated, prioritised, planned, tested, authorised, implemented, documented and reviewed in a controlled manner with minimal or no disruption to the service.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We have in-house vulnerability management processes to cover scheduled and ad-hoc scanning, identification, notification, remediation and reporting. Customer specific programs are also deployed.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our protective monitoring processes are based and run in accordance with the service and customer requirements.
Incident management type Supplier-defined controls
Incident management approach Our incident management processes are based on the requirements of each service and interface with our customer, as required by the contract

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £22 per device per year
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑